Google has rewarded India's Rony Das for discovering and reporting a bug in the Android Foreground Services, which hackers could exploit easily to make their way into the phone and access personal information. Das, who belongs to Assam, received $5,000, which is roughly Rs 3.5 lakh, as a reward prize from Google for reporting the bug.
Das, who is a cyber security expert, reported the bug to Google earlier this year in May. According to an email from Google Android Security Team, Das found the vulnerability in Android Foreground Services when he ran into technical issues while creating an application for the Android platform.
“As a recognition of your efforts, we would like to offer you a discretionary reward of $5000. Please note this is a one-time exception to our normal procedures as a thank you for the high-quality submission and follow up information you provided,” said Google Android Security Team in an email to Das, according to The East Mojo.
According to Das, the bug he found does not fall in line with the purpose of using Android Foreground Services, and his exploit could bypass the detection process using this vulnerability. This exploit was able to access the phone's hardware such as camera, microphone, and location from the background without informing the user or sending out any notification. After reporting the vulnerability to Google, Das was in constant touch with the tech giant, and it was with his help that Google was able to fix the vulnerability. Das also refused to share the technical details of this vulnerability, citing confidentiality from Google.
However, Google has not shared any information about this fix yet. So, if you are wondering whether this vulnerability impacted your phone, Google has not come up with an answer. But given the nature of the vulnerability, the fix may have already reached you as a part of a backend update or may begin being rolled out soon.
Das defines himself as a cyber enthusiast and his previous works include a bug discovery on the official website of Gauhati University. And his latest discovery is important because it stopped the way that hackers could have used to enter phones surreptitiously. Tech companies, such as Google, Apple, Facebook, offer bug bounties to researchers, engineers, and cyber experts for finding bugs, so if you have the expertise, you could also win a reward.