Apple is now accepting applications for its 2026 Security Research Device (SRD) program, which provides specially modified iPhones to security researchers for investigating iOS vulnerabilities.
The program is designed to facilitate deep security analysis without requiring researchers to bypass the platform’s built-in protections.
The application period closes on October 31, 2025.
What the Apple 2026 SRD program provides to researchers?
Participants in the program receive a customized iPhone on a 12-month loan. This device is not a standard consumer phone and is intended exclusively for security research. Key features and benefits include:
- Shell access. Researchers can run commands and tools directly on the device.
- Custom entitlements. Participants can set their own permissions for apps and processes.
- Kernel modification. The device allows for modifications to the core component of the operating system.
- Access to beta software. Researchers get early versions of upcoming iOS releases to test for vulnerabilities.
- A private research community. Participants can collaborate and share knowledge with other researchers in the program.
The scope of research covers all of iOS and the iPhone hardware, with the exception of Apple Pay and third-party applications. Apple requires that the device remain on the researcher’s premises at all times.
Vulnerability reporting and bounties
The SRD allows researchers to find and report vulnerabilities to Apple without concerns about circumventing security layers.
All vulnerabilities discovered using the device are automatically considered for Apple’s Security Bounty program. The program offers financial rewards for valid security issues, with bonus payments for bugs found in beta or preview software versions.
Eligibility and how to apply to Apple 2026 SRD program
To qualify for the program, applicants must meet several criteria:
- Have a proven track record of finding security issues on Apple platforms or other modern operating systems.
- Reside in one of the eligible countries or regions.
- Be the legal age of majority in their jurisdiction.
- Not be a current or recent Apple employee (within the last 12 months).
Experienced researchers can find more details and the application form on Apple’s Security Research website.
