Bongaigaon youth wins $5000 from Google for flagging major Android security bug

Guwahati, Dec 13: Bongaigaon born cyber security expert, Rony Das, has reported a bug in the Android Foreground Services which could be exploited by someone to hack into user data.

Speaking to The Assam Tribune, Rony Das said that he was creating a software when he faced some technical problems. He was trying to solve the issue which led him to the discovery of this particular vulnerability.

He reported it to Google in May, 2021, and since then he has been exchanging information on it. After almost six months, Google rewarded him $5000 USD for reporting the bug.

"As a recognition of your efforts, we would like to offer you a discretionary reward of $5000. Please note that this is a one-time exception to our normal procedures as a thank you for the high-quality submission and follow up information you provided," said an email from Google Android Security Team to Das.

He informed that the vulnerability could run background processes in Android without being detected by users. He also said that the bug he found defeats the purpose of having Android Foreground Services. His exploit bypasses this process and is able to access the hardware such as camera, microphone and location from the background without letting the user know or notifying anything.

Das further added that the bug has been fixed in the upcoming Android versions.