Google has announced the first vulnerability rewards program for its Android Enterprise initiative with bounties going up to $250,000, as part of its effort to further secure the platform.
Android Enterprise is Google’s attempt to enable the use of Android devices and apps in the workplace, by enabling mobile developers to integrate Android support into mobile device management (MDM) solutions.
Explaining its new push for securing Android Enterprise, Rajeev Pathak, a senior product manager at Google writes that effectively managing the growing number of mobile devices has become imperative for businesses as remote working and hybrid work environments become the norm.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
“Since we believe scrutiny and transparency are key to improving security, we’ve launched a new Android Enterprise category as part of the Android Security Rewards Program. We’re offering a reward of up to $250,000 for a full exploit on a Pixel device running Android Enterprise,” shares Pathak.
Despite IDC revealing that over 80% of IT leaders are increasing their investing in enterprise mobility, Pathak argues that spending more on security and management solutions alone won’t provide control over enterprise data.
“For mobility to truly work in the long term, it’s critical to balance strong platform security with effortless, flexible management that scales to specific needs around user choice, privacy and control,” explains Pathak.
Pathak uses this argument to introduce the security enhancements in Android 12 especially for business customers, including improving password complexity controls, and disabling USB signaling on company-owned devices to limit USB-based attacks.
He shares that although Android 12 already meets the most rigorous deployment requirements, including the United States Department of Defense's Security Technical Implementation Guide, the company wants to use the rewards program to further secure the platform.