Obfuscation Security Researcher Intern - Paris, France

Summary

Apple Services Engineering implements and deploys services at scale, such as Apple TV, iCloud, or the App Store. Expanding these services to new platforms and users means using a variety of content and code protection mechanisms, existing or custom-made.

Please note: Ideally, we would prefer applications for individuals based within France, specifically Paris. We will require you to access the office in Paris 3 x a week, and 2 days remote working from home. We will not be sponsoring visa's or relocating individuals for this internship.

Please submit your application in English, if possible.

Description

During this internship, you will have the challenge of conducting a comparative study of protection mechanisms for iOS applications. You’ll perform security evaluations to understand how applications can implement code hardening and anti-tampering defences.

You will work as part of an extraordinary team of security experts composed of reverse engineers, content protection experts, cryptographers, data scientists, and developers, where we have the freedom to bring new ideas and design innovative solutions.

Based in Paris, we are passionate about security and work with a variety of cross-functional teams across Apple, worldwide.

Please note: Ideally, we would prefer applications for individuals based within France, specifically Paris. We will require you to access the office in Paris 3 x a week, and 2 days remote working from home. We will not be sponsoring visa's or relocating individuals for this internship.

Responsibilities

• Analyse: understand how code protection mechanisms can work across different implementations
• Evaluate: assess the effectiveness and robustness of the identified strategies
• Tooling: develop your own utilities to facilitate the analysis of protected binaries
• Document: produce detailed technical reports on methodologies, protection mechanisms, and comparative findings
  
  

Minimum Qualifications

• Strong understanding of reverse engineering concepts and methodologies
• Proficiency with binary analysis tools (IDA Pro, Ghidra, or similar)
• Knowledge of code obfuscation techniques (control flow flattening, opaque predicates, mixed boolean arithmetic expressions, junk code insertion, data masking, virtualization, etc.)
• Experience with dynamic analysis techniques (debuggers, instrumentation frameworks)
• Problem-solving mindset and attention to detail in analyzing complex, protected code
• Understanding of ARM64 assembly and Mach-O binary format would be a plus
  
  

At Apple, we’re not all the same. And that’s our greatest strength. We draw on the differences in who we are, what we’ve experienced, and how we think. Because to create products that serve everyone, we believe in including everyone. Therefore, we are committed to treating all applicants fairly and equally. We will work with applicants to make any reasonable accommodations.