The reward will be paid through the new Android Enterprise Vulnerability Rewards program.
Google’s new Android Enterprise Vulnerability Rewards program pays security researchers up to $ 250,000 for exploits affecting Pixel smartphones running Android Enterprise. The company announced its latest bug bounty program in a blog post highlighting various business-focused security updates introduced with Android 12, such as limiting USB-based attacks, “including updates of features.
Google has said it “also takes on the role of identity providers in Android Zero Trust environments” by giving them access to the information they need to “perform a full reliability scan before granting access to resources. of the company “. This is intended to allow businesses that manage Android devices to precisely control their access to resources. (Palo Alto Networks has a solid explanation of the Zero Trust Model on their Cyberpedia.)
The company’s latest announcement was the new extensibility framework for the Android Management API, which allegedly will allow users of the Enterprise Mobility Management (EMM) solution to “tune the API functions of Android management on the fly using tokens “on the device to trigger instant policy changes. . and find unique “solutions and evolving business needs.”
However, Google knows that bragging about the security of the platform is one of the fastest ways to trick people into finding ways around these protections, and that’s where the Android Enterprise program comes in. Vulnerability Rewards. Unfortunately, the company didn’t provide many details on the scope. program or when you start accepting submissions for the program.
The page Google is linked to in its blog post leads to the existing Android Security Rewards Program, which fixes the operating system vulnerabilities of the company’s latest Pixel smartphones. However, the maximum payout for this program is $ 1 million, and the shipping policy does not include any specific information related to Android Enterprise.
“These pages should be updated soon,” a Google spokesperson told us. “The Enterprise program will be part of the larger Android program.” However, the page has not been updated at the time of writing, which is the day after the show’s launch.
Google plans to share more information about Android Enterprise and its use by organizations like the FBI, Walmart, and others at an event called The Art of Control on October 27. (The link that Twitter marked as “potentially spam or dangerous”, by the way, at least as it appeared in the tweet on the official Android account).