Google Launches a Bug Bounty Program for Android Enterprise

This includes a new bug bounty program, the aptly named Android Enterprise Vulnerability Program, which promises up to $250,000 for a full exploit of a Pixel device that runs Android Enterprise.

Android 12 is now officially available for Google’s Pixel phones and will slowly roll out to others in the coming months. Chances are, you think of Android as a consumer product, but over the course of the last few years, Google has put a lot of work into making it an enterprise tool, too. It’s maybe no surprise that with the launch of Android 12, which already includes a number of new enterprise features by default, Google is also now announcing a couple of new security-focused initiatives around Android Enterprise, too.

But Google is also working with its wider partner ecosystem to expand its support for the Zero Trust security model on Android. This means, for example, working with partners like Okta, Ping and ForgeRock to move their authentication workflows from WebView to Chrome Custom Tabs on Android. Google has long argued that developers should use Custom Tabs whenever they render content from outside of their own domain, in part for performance reasons, but also because Chrome’s Safe Browsing features provide additional security.

“While WebView is a flexible and powerful component for rendering web content, Custom Tabs are more modern and full-featured, allowing identity providers to gather device trust signals, improve employee security and enable single-sign-on across apps and the web,” explains Rajeev Pathak, a senior product manager at Google, in today’s announcement.

Google is also extending its Android Management API to make it easier for companies that use Enterprise Mobility Solutions from the likes of Microsoft, Citrix or Google itself to ensure that users “receive the fastest delivery of all of our enterprise features, with best practices and Android Enterprise Recommended requirements set by default.”

This post was originally published by Techcrunch on techcrunch.com

Related posts