The third party that helped break into the iPhone has sole ownership of the hacking technique, which makes it unlikely that authorities will share the method to Apple, or any other entity.
According to Reuters, the White House has a process for reviewing technology security gaps and deciding which should be revealed to the public. The procedure, the Vulnerabilities Equities Process, does not handle or disclose flaws that are discovered and owned by private companies. Without the collaboration of the company that hacked the iPhone, the FBI would not be able to submit the hacking technique to the Vulnerabilities Equities Process—even if it wanted to.
The procedure was designed to let government interests discuss what should be done with given security gaps, instead of leaving it up to agencies like the National Security Agency, which normally keep flaw secrets to themselves and use them for their benefit.
Rob Knake, who managed the process before leaving last year, said the FBI itself most likely doesn’t know the method used to hack the iPhone, according to Reuters.
“There is no way the government could force companies to share the methods that they are trying to sell, or any way to stop government agencies from buying from those companies,” said Knake.
The Apple and FBI conflict began when the Justice Department ordered the Cupertino-based company to unlock an iPhone belonging to one of the San Bernardino mass shooters. After Apple declined to cooperate, citing privacy concerns, the FBI sought help from a third party and was able to hack into the phone without the Apple’s help. Israeli mobile forensics firm, Cellebrite, is believed to have helped U.S. authorities hack the phone.
After the hacking, FBI director James Comey, said the method that was used for the San Bernardino Apple device works only on a “narrow slice of phones.” He revealed the hacking technique works only for the the iPhone 5C, running version 9 of Apple’s mobile operating system, not on newer or older models.
Meanwhile, Apple has vowed to reinforce security on its devices.