Community

Forums, chat platforms, bug bounty programs, and researchers in the Android security space.

Forums & Chat

| Platform | Description |
|---|---|
| Android Security subreddit | Discussion of Android vulnerabilities, patches, and research |
| Mobile Hacking Discord | Community server for mobile security researchers |
| Frida Discord | Official Frida community for dynamic instrumentation help |
| OWASP Slack #mobile-security | OWASP community channel for mobile security discussion |

Bug Bounty Programs

For more detail on programs and payouts, see Standards & Bug Bounties.

| Program | Scope | Max Payout |
|---|---|---|
| Google VRP | Android OS, Pixel devices, Google apps | $1,000,000 for full exploit chains. Up to $15,000 for critical single bugs. |
| Google Mobile VRP | First-party Android apps (Google, Fitbit, Waymo, Waze) | $30,000 for RCE without interaction. $7,500 for sensitive data theft. |
| Samsung Mobile Security Rewards | Samsung mobile devices, Knox, Galaxy Store | Up to $1,000,000 for critical chain on flagship devices |
| Qualcomm Bug Bounty | Snapdragon chipsets, modem firmware | Varies; covers baseband and TEE vulnerabilities |
| HackerOne Mobile Programs | Various mobile app vendors | Varies by program; filter by "mobile" scope |

Researchers to Follow

| Researcher | Affiliation | Focus |
|---|---|---|
| Maddie Stone | Google Project Zero | Android 0-days, exploit chains, packer analysis |
| Sergey Toshin | Oversecured | Android app vulnerabilities, systematic vuln discovery |
| Lukas Stefanko | ESET | Android malware tracking, Play Store threats |
| Federico Valentini / Alessandro Strino | Cleafy | Banking trojan analysis, ATS research |
| Cengiz Han Sahin | ThreatFabric | Android banking malware naming and tracking |