What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective, offering a rare look into how the Android Security team manages vulnerability detection, assessment, and large-scale remediation across a vast ecosystem.
We’ll start by following the path of a vulnerability report through the Android Vulnerability Rewards Program (VRP), unveiling the foundational principles of Android’s security model and showing how each report is evaluated for severity. Through real-world case studies, attendees will see firsthand the complexities of Android’s unique threat landscape.
The talk will also cover the processes behind fixing and distributing updates across Android’s diverse ecosystem of OEMs, partners, and device configurations, revealing insights drawn from thousands of VRP reports and security bulletins. We’ll present data-driven trends in critical vulnerabilities from recent years, alongside practical tips for maximizing research impact and rewards.
Join us for a unique inside view of vulnerability management at Android scale, with actionable insights for security professionals and researchers looking to advance in mobile security.