A year ago today Google announced Android Security Rewards, an expansion of its Vulnerability Rewards Program. Find a vulnerability, tell Google about it, help them fix the issue, and take home money. That's the concept, and it's a common one in the tech industry.
Google handed out over half a million bucks to 82 individuals over the past year. This averaged out to $2,200 per reward. Researchers averaged higher payouts, at $6,700. One, @heisecode, received $75,750 for 26 vulnerability reports. 15 researchers received $10,000 or more.
Google started taking security updates much more seriously last year after the Stagefright vulnerability hit. Samsung followed suit, and even launched a monthly security bulletin mirroring Google's. Now, LG has a security bulletin site where it will post updates on vulnerabilities. First up, the May security bulletin, the most recent one Google has published.
Google Street View is awesome. With just a few taps of a button, you can get transported to new countries to explore their streets, landscapes, museums, and more. I remember using it two years ago to get a feel for my hotel's location in London and check the distance between the metro station exit and the hotel. I didn't want to look like a complete tourist upon my arrival for my first vacation in the city.
But Street View has caused lots of security and privacy concerns. Some countries have outright banned Google from driving their streets, others have spent years arguing with Google until they let it start collecting information (like Greece), and others have citizens who asked Google to blur their houses, and so on.
A little earlier today Google posted the Android 6.0.1 security updates for June to the AOSP changelog. Being the responsible Android citizen that it is (well, most of the time), Samsung has immediately followed suit with its own list of code updates. These are the issues that are problems for specific Samsung devices and their related software builds, or at least, the ones that have been addressed since the same security bulletin last month. As usual, they're limited to "major flagship models."
Google will be launching its new Allo chat application in the coming weeks, and with it comes true end-to-end encryption. Open Whisper Systems has announced that its own Signal Protocol is powering the encryption in Allo. It's not on by default, which has sent some privacy purists into a fit, but this is still a very good thing.
Most of the mobile devices sold in the US have to wait a long while for security updates to be developed and deployed, and that's just if you're lucky enough to get one. Most phones don't come with any guarantee of security updates, and government regulators are starting to wonder why. The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are on the case.
Google introduced factory reset protection (FRP) in Android 5.1 to make it impossible to use a stolen device. Ever since then, RootJunky has been finding workarounds for it. Presumably this is all he does, tapping around in the setup menu for hours or days on end until he finds a trick. Google just rolled out the May security patch for Nexus devices, and RootJunky has found an FRP bypass method for it. It's not easy, but it works.
It's the first Monday of May, and that means there are some new factory images and OTAs for the Nexus line. As usual, these new firmware packages include the latest security patches from the preceding month, and possibly some bug fixes and optimizations, as well. While we'll be looking for changes in the AOSP changelog (coming soon), Google has posted the security bulletin to explain the major risks that have been fixed in this release.
Google took special care to point out that the security bulletin has been renamed (from "Nexus" to "Android") to reflect its relationship to all devices running Android, not just those directly supported by Google.
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime.