Bug bounty program for android enterprise released by Google

News / Bug bounty program for android enterprise released by Google

Bug bounty program for android enterprise released by Google

A new bug bounty platform has been launched for the enterprise version of Android 12, looking for security vulnerabilities in Google Pixel devices running Android Enterprise. In a blog post uploaded Thursday, senior product manager Rajeev Pathak announced that there is a $250,000 bounty in place for anyone who finds a full exploit on Google Pixel devices. 

Google has set up a number of bug bounty programs they call Vulnerability Rewards Programs. These programs pay security researchers and ‘ethical hackers’ to uncover vulnerabilities in Google’s services, but report them to Google instead of disclosing them to the public. The Android Enterprise Vulnerability Rewards Program is looking for exploits that could allow users to break out of the limitations an employer may place on a company device. 

Android 12 Enterprise and Security Features 

Android 12 was released earlier the same week on October 19th, and set its sights on improving the overall security features of the consumer version of Android 12. With the release of the consumer edition Android 12 and its updated security measures, Google have carried the momentum forward, making tight security a key goal for the enterprise version. 

In the blog post, some of the key security features introduced in the enterprise version of Android 12 were outlined. The main features detailed are “password complexity controls to make it easier to protect company data, and disabling USB signaling on company-owned devices to limit USB-based attacks.” Google also announced improved privacy features for employees, allowing IT admins to give employees control over “sensor-related permissions” such as camera and location. 

Google also announced expanded zero trust support for the platform. Zero trust models assume that a network is never safe, and any attempt to access it should not be granted freely. As described in the Google blog post: “As more mobile workers access data from remote devices outside of traditional security perimeters, companies are increasingly pursuing a Zero Trust security model.” Google states that identity providers will be able to build a comprehensive analysis of users accessing corporate resources before access is granted. Google hopes to do this by increasing the uptake of their Custom Tabs tool for Chrome. 

Google also announced that Android will be receiving functionality to allow for work profiles to be set up on unmanaged devices. They state: “This will eventually allow anyone using Android for business purposes to separate work and personal apps in one interface and pause all work-related apps in one click.”

How secure is

your business?

Security test
How secure is

your business?

Security test