Posted yesteryear Jason Woloz too Mayank Jain, Android Security & Privacy Team
Our Android too Play safety vantage programs assist us run alongside live yesteryear researchers from around the the world to improve Android ecosystem safety every day. Thank y'all to all the amazing researchers who submitted vulnerability reports.
Android Security Rewards
In the ASR program's 3rd year, nosotros received over 470 qualifying vulnerability reports from researchers too the average pay per researcher jumped yesteryear 23%. To date, the ASR plan has rewarded researchers alongside over $3M, paying out roughly $1M per year.
Here are some of the highlights from the Android Security Rewards program's 3rd year:
- There were no payouts for our highest possible reward: a consummate remote exploit chain leading to TrustZone or Verified Boot compromise.
- 99 individuals contributed ane or to a greater extent than fixes.
- The ASR program's vantage averages were $2,600 per vantage too $12,500 per researcher.
- Guang Gong received our highest vantage amount to date: $105,000 for his submission of a remote exploit chain.
As role of our ongoing commitment to safety nosotros regularly update our programs too policies based on ecosystem feedback. We likewise updated our severity guidelines for evaluating the touching of reported safety vulnerabilities against the Android platform.
Google Play Security Rewards
In Oct 2017, nosotros rolled out the Google Play Security Reward Program to encourage safety query into pop Android apps available on Google Play. So far, researchers convey reported over thirty vulnerabilities through the program, earning a combined bounty amount of over $100K.
If undetected, these vulnerabilities could convey potentially led to live yesteryear of privilege, access to sensitive information too remote code execution on devices.
Keeping devices secure
In improver to rewarding for vulnerabilities, nosotros proceed to run alongside the wide too various Android ecosystem to protect users from issues reported through our program. We collaborate alongside manufacturers to ensure that these issues are fixed on their devices through monthly security updates. Over 250 device models convey a bulk of their deployed devices running a safety update from the concluding ninety days. This tabular array shows the models alongside a bulk of deployed devices running a safety update from the concluding iii months:
| Manufacturer | Device |
| ANS | L50 |
| Asus | ZenFone 5Z (ZS620KL/ZS621KL), ZenFone Max Plus M1 (ZB570TL), ZenFone four Pro (ZS551KL), ZenFone v (ZE620KL), ZenFone Max M1 (ZB555KL), ZenFone four (ZE554KL), ZenFone four Selfie Pro (ZD552KL), ZenFone 3 (ZE552KL), ZenFone 3 Zoom (ZE553KL), ZenFone 3 (ZE520KL), ZenFone 3 Deluxe (ZS570KL), ZenFone four Selfie (ZD553KL), ZenFone Live L1 (ZA550KL), ZenFone v Lite (ZC600KL), ZenFone 3s Max (ZC521TL) |
| BlackBerry | BlackBerry MOTION, BlackBerry KEY2 |
| Blu | Grand XL LTE, Vivo ONE, R2_3G, Grand_M2, BLU STUDIO J8 LTE |
| bq | Aquaris V Plus, Aquaris V, Aquaris U2 Lite, Aquaris U2, Aquaris X, Aquaris X2, Aquaris X Pro, Aquaris U Plus, Aquaris X5 Plus, Aquaris U lite, Aquaris U |
| Docomo | F-04K, F-05J, F-03H |
| Essential Products | PH-1 |
| Fujitsu | F-01K |
| General Mobile | GM8, GM8 Go |
| Pixel ii XL, Pixel 2, Pixel XL, Pixel | |
| HTC | U12+, HTC U11+ |
| Huawei | Honor Note10, nova 3, nova 3i, Huawei Nova 3I, 荣耀9i, 华为G9青春版, Honor Play, G9青春版, P20 Pro, Honor V9, huawei nova 2, P20 lite, Honor 10, Honor viii Pro, Honor 6X, Honor 9, nova 3e, P20, PORSCHE DESIGN HUAWEI Mate RS, FRD-L02, HUAWEI Y9 2018, Huawei Nova 2, Honor View 10, HUAWEI P20 Lite, Mate nine Pro, Nexus 6P, HUAWEI Y5 2018, Honor V10, Mate 10 Pro, Mate 9, Honor 9, Lite, 荣耀9青春版, nova 2i, HUAWEI nova ii Plus, P10 lite, nova 青春版本, FIG-LX1, HUAWEI G Elite Plus, HUAWEI Y7 2018, Honor 7S, HUAWEI P smart, P10, Honor 7C, 荣耀8青春版, HUAWEI Y7 Prime 2018, P10 Plus, 荣耀畅玩7X, HUAWEI Y6 2018, Mate 10 lite, Honor 7A, P9 Plus, 华为畅享8, award 6x, HUAWEI P9 lite mini, HUAWEI GR5 2017, Mate 10 |
| Itel | P13 |
| Kyocera | X3 |
| Lanix | Alpha_950, Ilium X520 |
| Lava | Z61, Z50 |
| LGE | LG Q7+, LG G7 ThinQ, LG Stylo 4, LG K30, V30+, LG V35 ThinQ, Stylo ii V, LG K20 V, ZONE4, LG Q7, DM-01K, Nexus 5X, LG K9, LG K11 |
| Motorola | Moto Z Play Droid, moto g(6) plus, Moto Z Droid, Moto X (4), Moto G Plus (5th Gen), Moto Z (2) Force, Moto G (5S) Plus, Moto G (5) Plus, moto g(6) play, Moto G (5S), moto e5 play, moto e(5) play, moto e(5) cruise, Moto E4, Moto Z Play, Moto G (5th Gen) |
| Nokia | Nokia 8, Nokia vii plus, Nokia 6.1, Nokia viii Sirocco, Nokia X6, Nokia 3.1 |
| OnePlus | OnePlus 6, OnePlus5T, OnePlus3T, OnePlus5, OnePlus3 |
| Oppo | CPH1803, CPH1821, CPH1837, CPH1835, CPH1819, CPH1719, CPH1613, CPH1609, CPH1715, CPH1861, CPH1831, CPH1801, CPH1859, A83, R9s Plus |
| Positivo | Twist, Twist Mini |
| Samsung | Galaxy A8 Star, Milky Way J7 Star, Milky Way Jean, Milky Way On6, Milky Way Note9, Milky Way J3 V, Milky Way A9 Star, Milky Way J7 V, Milky Way S8 Active, Milky Way Wide3, Milky Way J3 Eclipse, Milky Way S9+, Milky Way S9, Milky Way A9 Star Lite, Milky Way J7 Refine, Milky Way J7 Max, Milky Way Wide2, Milky Way J7(2017), Milky Way S8+, Milky Way S8, Milky Way A3(2017), Milky Way Note8, Milky Way A8+(2018), Milky Way J3 Top, Milky Way J3 Emerge, Milky Way On Nxt, Milky Way J3 Achieve, Milky Way A5(2017), Milky Way J2(2016), Milky Way J7 Pop, Milky Way A6, Milky Way J7 Pro, Milky Way A6 Plus, Milky Way Grand Prime Pro, Milky Way J2 (2018), Milky Way S6 Active, Milky Way A8(2018), Milky Way J3 Pop, Milky Way J3 Mission, Milky Way S6 edge+, Milky Way Note Fan Edition, Milky Way J7 Prime, Milky Way A5(2016) |
| Sharp | シンプルスマホ4, AQUOS feel addition (SH-M07), AQUOS R2 SH-03K, X4, AQUOS R SH-03J, AQUOS R2 SHV42, X1, AQUOS feel lite (SH-M05) |
| Sony | Xperia XZ2 Premium, Xperia XZ2 Compact, Xperia XA2, Xperia XA2 Ultra, Xperia XZ1 Compact, Xperia XZ2, Xperia XZ Premium, Xperia XZ1, Xperia L2, Xperia X |
| Tecno | F1, CAMON I Ace |
| Vestel | Vestel Z20 |
| Vivo | vivo 1805, vivo 1803, V9 6GB, Y71, vivo 1802, vivo Y85A, vivo 1726, vivo 1723, V9, vivo 1808, vivo 1727, vivo 1724, vivo X9s Plus, Y55s, vivo 1725, Y66, vivo 1714, 1609, 1601 |
| Vodafone | Vodafone Smart N9 |
| Xiaomi | Mi A2, Mi A2 Lite, MI 8, MI viii SE, MIX 2S, Redmi 6Pro, Redmi Note v Pro, Redmi Note 5, Mi A1, Redmi S2, MI MAX 2, MI 6X |
| ZTE | BLADE A6 MAX |
Thank y'all to everyone internally too externally who helped brand Android safer too stronger inwards the yesteryear year. Together, nosotros made a huge investment inwards safety query that helps Android users everywhere. If y'all desire to larn involved to brand adjacent twelvemonth fifty-fifty better, cheque out our detailed program rules. For tips on how to submit consummate reports, encounter Bug Hunter University.
