The iPhone’s security is so tight that it’s hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research.
“People can get more cash if they sell their bugs to others,” said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple’s program last year. “If you’re just doing it for the money, you’re not going to give [bugs] to Apple directly.”
Patrick Wardle, a former NSA hacker and researcher at Synack who now specializes in MacOS research and was invited to the Apple bug bounty program, agreed. He said that iOS bugs are “too valuable to report to Apple.”
