Timothy D. Cook has found himself in a strange position. It looks like someone knows about an important flaw in Apple’s flagship product, and won’t tell its chief executive what it is.
That could be because Apple doesn’t payoutside hackers who find exploitable flaws in Apple software. Paying so-called “bug hunters” has become the norm at many tech companies, and the United States government does it too.
In fact, that is probably how it attracted a third party that claims to have a method for cracking the encryption on an iPhone. The government was getting ready to take Apple to court to make Apple decrypt the phone used by the San Bernardino gunman, but late on Monday the Justice Department said an outside party had demonstrated a way to get around Apple’s protections.
That announcement appears to have at least stalled what many saw as a seminal case on privacy, encryption and the rights of the state in the age of computer communications.
And it may serve as an wake-up call to Apple about how it safeguards its products.
As Nicole Perlroth writes, Google has paid over $6 million to outside hackers who have alerted it to software bugs in its products that could be exploited by malicious outsiders. Facebook, Microsoft and Twitter, among others, also have such programs. Unique among the giants, Apple appears to stand alone, claiming it sees no benefit in paying people to point out your flaws.
One reason may be Apple’s iconic reputation for making a safer, better-built computer. Indeed, for many years Apple computers had far fewer attacks than machines running Microsoft Windows, but experts said this had as much to do with the relative attraction of trying to find flaws in Windows, which had much more of the market. If you did find a flaw, there were more computers to exploit.
Now that Apple has a huge market presence, a robust underground market in selling knowledge of flaws in Apple software has sprung up. Apparently, flaws in the Safari browser are worth $100,000, and knowledge of iPhone issues can command 10 times as much.
That may become a new market that Mr. Cook will want to attack, dominate — and shut down.