Talk

Hack, Patch, Repeat: Insider Tales from Android’s Bug Bounty

March 13, 17:00 (CLOUD)

What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective, offering a rare look into how the Android Security team manages vulnerability detection, assessment, and large-scale remediation across a vast ecosystem.

We’ll start by following the path of a vulnerability report through the Android Vulnerability Rewards Program (VRP), unveiling the foundational principles of Android’s security model and showing how each report is evaluated for severity. Through real-world case studies, attendees will see firsthand the complexities of Android’s unique threat landscape.

The talk will also cover the processes behind fixing and distributing updates across Android’s diverse ecosystem of OEMs, partners, and device configurations, revealing insights drawn from thousands of VRP reports and security bulletins. We’ll present data-driven trends in critical vulnerabilities from recent years, alongside practical tips for maximizing research impact and rewards.

Join us for a unique inside view of vulnerability management at Android scale, with actionable insights for security professionals and researchers looking to advance in mobile security.

Speaker

Maria Uretsky

Maria Uretsky is engineering manager on the Android Product Security Engineering team in Google.
Her passion is to break all the things before the bad actors do, to ensure they are kept out.
During her 10+ years of software engineering and security work, she has been part of Google Cloud Security, Azure Sentinel, Windows Defender and AVG.

Olivier Tuchon

Olivier Tuchon is a Senior Security Engineer on the Android Vulnerability Research team. Olivier has been working at Google for 6+ years, he started by chasing malware in the Play Store and into the wild (OffMarket) with a speciality in Stalkerware. Now, Olivier looks for exploits in Android. Before Google, Olivier was a Security Engineer in the French Army for 12 years.

Organized by

Technology partners

Partner events

Scroll to Top