250+ Android devices have received security updates in last 90 days
While each of the two biggest mobile operating systems has their strengths and weaknesses, it’s also apparent that both are working to improve things. On the Android side of things, malware and exploits have been a couple of topics that can go viral due to Android maintaining over 80% of the global smartphone market share. Google isn’t just sitting back and allowing this problem to fester though, and that was the goal of the Android’s monthly security update program. As it has grown and more partners have agreed to do their share, the company just revealed that over 250 different Android devices have received at least one security update in the last 90 days.
To many of us enthusiast who goes as far as to manually flash OTA security updates the day Google releases them, that doesn’t seem like a very impressive number at all. The company didn’t give any details about how many devices were updated with security updates before they got involved, but this is assuredly an improvement. Devices in their published list include the likes of ANS, ASUS, BlackBerry, BLU, BQ, Docomo, Essential Products, Fujitsu, General Mobile, Google, HTC, Huawei, Itel, Kyocera, Lanix, Lava, LG, Motorola, Nokia, OnePlus, OPPO, Positivo, Samsung, Sharp, Sony, Tecno, Vestel, VIVO, Vodafone Xiaomi, and ZTE.
In the new blog post, the company also spoke about its success with the Android and Google Play Security Rewards Programs. Together, these two programs have surpassed $3 million in payouts to date with the Android Security Rewards Program being responsible for the lion’s share of the payouts (equating to about $1 million per year). While they are proud of the results of the Android Security Rewards program has had, they are also proud that their own internal security team has been able to keep things so secure that there has yet to be any payouts for the highest possible reward (a complete remote exploit chain leading to TrustZone or Verified Boot compromise).
Of those who have participated in the Android Rewards Program, there have been 99 individuals who contributed one or more fixes. The reward averages are $2,600 per reward and $12,500 per researcher. Guang Gong received Google’s highest reward amount to date ($105,000 for his submission of a remote exploit chain).
The Google Play Security Rewards program has seen less activity but this is something we should have expected. The program was rolled out back in October of 2017 and so far researchers have reported over 30 vulnerabilities through the program. This security rewards program has earned those researchers a combined bounty amount of over $100,000. While $100,000 isn’t as impressive of a number as $3 million, the reported vulnerabilities could have potentially led to an elevation of privilege, access to sensitive data, and remote code execution on devices.
Source: Android Developers Blog