Startup Countersues Apple, Alleging Failure to Pay ‘Rewards’ Owed in iOS ‘Bug Bounty Program’

Corellium, the mobile-developer startup that Apple sued Aug. 15 in “a straightforward case of infringement” of the iOS operating system (see 1908160004), filed a counterclaim accusing Apple of stiffing it on $300,000 in “rewards” it owes the company for participating in the iOS “bug bounty program.” As part of its “discovery” in the lawsuit, which was inexplicably terminated Aug. 16 before being reinstated, “Apple is requesting that Corellium disclose any and all bugs it is aware of for free,” said the heavily redacted counterclaim (in Pacer) in U.S. District Court in West Palm Beach, Florida, accusing Apple of unjust enrichment. “Through this lawsuit, Apple continues its practice of obtaining and retaining the benefit of Corellium’s technology while refusing to pay for that benefit.” Corellium co-founder Chris Wade joined the “invitation-only” bug bounty program in April 2017 and reported seven iOS flaws to Apple in the past two years for which he and the company weren’t paid, said the counterclaim. Apple used to pay $200,000 per bug to participants in the program but upped the reward to $1 million Aug. 8, a week before filing suit against Corellium, it said. Apple’s complaint is an effort to “stifle innovation and the freedom of mobile developers,“ emailed Corellium CEO Amanda Gorton Thursday. “This comes as a surprise to our team, given our long-standing relationship with Apple,” she said. “We think Apple’s lawsuit is driven by its own business interests rather than a genuine belief that we violated any of its rights.” Apple didn’t comment.