undefined | Better HN

0 pointsac298y ago0 comments

Exploring the acknowledgements [0] shows many of these Chinese researchers are working for the big internet firms there (Alibaba, Tencent, Baidu), so my guess is they are more motivated in securing Android for internal use than collecting bounties (its entirely possible they run their own AOSP-based Android builds for employee-provided hardware).

Being China, its also possible that the Chinese government indirectly or directly sponsors this research, since Android is by far the most common smartphone OS there.

edit: C0RE Team [1], who also has many contributions seems to be an independent research company, who may be doing it just for the bounties.

[0] https://source.android.com/security/overview/acknowledgement...

[1] http://c0reteam.org/about.html

0 comments

2 comments · 1 top-level

wahern8y ago· 1 in thread

An interesting exercise would be to compile notification dates with code commit dates, and then compare the average difference (notification date - commit date) among groups.

If there's a discrepancy, then that's possible evidence one group might be hoarding bugs, or at least waiting for notification approval from, e.g., a domestic intelligence agency.

Cyphase8y ago

cue commit scrubbers

j / k navigate · click thread line to collapse