
Why it was fair for Apple to kick out the security researcher

Charlie Miller, a security researcher, noticed a bug in iOS a while ago that would allow apps to run unsigned code. All code in apps on the App Store has to be signed or approved by Apple to ensure that it is safe for the device; however, Miller found a way round this in iOS 4.3 that allowed him to put dangerous code into any app. He even managed to develop an app that would fetch and run unapproved code, allowing the app to do things that Apple hadn’t said it could do.

Clearly, if the bug had been found by someone who wasn’t a security researcher, it could have been incredibly dangerous, as hackers could have used it to exploit iPhones across the world to obtain users’ credit or even credentials. The iPhone was designed to be secure, so it would clearly be a problem if people were able to do this.

Apple removed Miller’s developer license because he had (technically) broken the license agreement by releasing the app. It is perfectly legal for them to do so because he did break the law with the app; however, it would probably have been best if Miller had tested the bug before alerting Apple so that they could deal with it internally.

A similar procedure is adopted by Google and Mozilla, who frequently offer bounties to developers who are able to find bugs in their open-source software. If Miller had acted in this way, it would have been reasonable for Apple to offer a bounty, but because he broke the developer agreement, it makes sense that he was kicked off.
