The Android Security Team would like to thank the following people and parties for helping to improve Android security. They have done this either by finding and responsibly reporting security vulnerabilities through the AOSP bug tracker Security bug report template or by committing code that has a positive impact on Android security, including code that qualifies for the Patch Rewards program.
2023
Note: Starting in 2018 and continuing in 2023, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.
February
| Researchers | CVEs |
|---|---|
| Bob Zamani of Google | CVE-2023-20942 |
| C_C | CVE-2022-20455, CVE-2023-20943 |
| Dmitry Myachin | CVE-2022-20551 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-47331 |
| Hongguang Chen and Devin Moore of Google | CVE-2023-20940 |
| Isaac Manjarres of Google | CVE-2023-20949 |
| Jann Horn of Google Project Zero | CVE-2023-20937 |
| Le Wu of Baidu Security | CVE-2022-33225 |
| Lewei Qu(曲乐炜) | CVE-2022-47339 |
| Linus Tufvesson of Google | CVE-2022-20443 |
| Mayank Garg of Google | CVE-2023-20927 |
| Michał Bednarski (michalbednarski) | CVE-2023-20944 |
| Mohammed Anwarullah of Google | CVE-2023-20939 |
| Pengfei Ding (丁鹏飞) | CVE-2022-25711 |
| Peter Park | CVE-2022-33233 |
| Peter Park (peterpark) | CVE-2022-33248 |
| Sergej Salnikov of Google | CVE-2023-20934 |
| Shufan Yang(杨书范) of Baidu AIoT Security Team | CVE-2023-20602 |
| Sithi | CVE-2023-20932 |
| Zi Fan Tan of Google | CVE-2023-20938 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-20945, CVE-2023-20948 |
January
| Researchers | CVEs |
|---|---|
| C_C | CVE-2022-20456, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2023-20922 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-22079, CVE-2022-44425, CVE-2022-44426 |
| Jann Horn of Google Project Zero | CVE-2023-20928 |
| Karan Lalwani | CVE-2023-20921 |
| Le Wu of Baidu Security | CVE-2022-25722 |
| Lewei Qu(曲乐炜) | CVE-2022-44434, CVE-2022-44435, CVE-2022-44436, CVE-2022-44437, CVE-2022-44438 |
| Michał Bednarski (michalbednarski) | CVE-2023-20904 |
| Mitch Phillips using HWASan | CVE-2023-20920 |
| Mohammed Anwarullah of Google | CVE-2023-20925 |
| Muhammad Hasan Khan of Google | CVE-2023-20919 |
| nicolas (nicolas1993) | CVE-2022-25715, CVE-2022-25717, CVE-2022-25721 |
| Sithi | CVE-2022-20494, CVE-2023-20912, CVE-2023-20913, CVE-2023-20915 |
| wrlu | CVE-2023-20923 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2023-20905 |
| Xie Yifei | CVE-2022-44427, CVE-2022-44428, CVE-2022-44429, CVE-2022-44430, CVE-2022-44431, CVE-2022-44432 |
| Xingyu Jin of Google | CVE-2022-20235 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20213, CVE-2022-20214, CVE-2022-20215, CVE-2022-20458 |
| Zhongquan Li @ ADLab of VenusTech | CVE-2022-32637 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20461, CVE-2022-32635, CVE-2022-33255 |
Additional Contributions
We would also like to acknowledge the contributions of the following individuals to Android security:
- Yu-Cheng Lin (林禹成) (@AndroBugs)
2022
Note: Starting in 2018 and continuing in 2022, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.
December
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2022-20510, CVE-2022-20511, CVE-2022-20525, CVE-2022-20535, CVE-2022-20538 |
| Andrey Artemiev of Google | CVE-2022-20581, CVE-2022-20600 |
| Ben | CVE-2022-20543 |
| Bo Zhang (张波) of Bytedance Wuheng Lab | CVE-2021-39795 |
| David McGregor, UL | CVE-2022-20199 |
| Dimitrios Valsamarasof Microsoft | CVE-2021-39617 |
| Edward Cunningham of Google | CVE-2022-20475, CVE-2022-20512 |
| Florian Mayer of Google | CVE-2022-20523 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-39106, CVE-2022-39129, CVE-2022-39130, CVE-2022-39131, CVE-2022-39132, CVE-2022-39133, CVE-2022-39134, CVE-2022-42755, CVE-2022-42756, CVE-2022-42770, CVE-2022-42771, CVE-2022-42772 |
| Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab | CVE-2022-20514, CVE-2022-20540 |
| Jeong Wook Oh of Google | CVE-2022-20582, CVE-2022-20583, CVE-2022-20584, CVE-2022-20585, CVE-2022-20586, CVE-2022-20587, CVE-2022-20588, CVE-2022-20589, CVE-2022-20590, CVE-2022-20591, CVE-2022-20592, CVE-2022-20597, CVE-2022-20598, CVE-2022-20599, CVE-2022-42531, CVE-2022-42532, CVE-2022-42534 |
| Keith Mok of Google | CVE-2022-20483 |
| Kevin Kou of Google | CVE-2022-20477 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-42754 |
| Lucian of OPPO Amber Security Lab | CVE-2022-20559 |
| Manjeet Rulhania of Google | CVE-2022-20495 |
| Matheus Eduardo Garbelini | CVE-2021-30348 |
| Michał Bednarski (michalbednarski) | CVE-2022-20474 |
| Mike McTernan of Google | CVE-2022-42543 |
| Mitch Phillips using HWASan | CVE-2022-20561 |
| Mohammed Anwarullah of Google | CVE-2022-20548 |
| Peter Park (peterpark) | CVE-2022-25682, CVE-2022-25695 |
| Phil Burk of Google | CVE-2022-20562 |
| Pratheesh P Narayanan | CVE-2022-20124 |
| RA Position at CactiLab (https://cactilab.github.io/) of University at Buffalo | CVE-2022-20520 |
| Robert Tseng | CVE-2022-20544 |
| Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN | CVE-2022-25677 |
| Sergei Volokitin | CVE-2022-32594, CVE-2022-32596, CVE-2022-32597, CVE-2022-32598 |
| SHIHAB P M | CVE-2022-20611 |
| Sithi | CVE-2022-20501 |
| stardesty of HSSL | CVE-2022-20411, CVE-2022-20469 |
| Steve Thomas (@Sc00bzT) | CVE-2022-20497 |
| su4do4 | CVE-2022-20568 |
| Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa | CVE-2022-25685 |
| System and Software Security Lab in Fudan University | CVE-2021-0934 |
| Timur Mikhaylin | CVE-2022-20529 |
| Tomasz Kuchta | CVE-2022-20569 |
| Vishnu Nair of Google | CVE-2022-20444 |
| William Escande of Google | CVE-2022-20547 |
| Xin Zhao of Google | CVE-2022-20574, CVE-2022-20575 |
| Xingyu Jin of Google | CVE-2021-39660 |
| Xuan Xing (Android Security Assurance Red Team) | CVE-2020-0465, CVE-2022-42529, CVE-2022-42530 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20504, CVE-2022-20536, CVE-2022-20558 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20468, CVE-2022-20509, CVE-2022-20513, CVE-2022-20516, CVE-2022-20521, CVE-2022-20526, CVE-2022-20527, CVE-2022-20539, CVE-2022-20541, CVE-2022-20546, CVE-2022-20549, CVE-2022-20552, CVE-2022-20557, CVE-2022-20576, CVE-2022-20577, CVE-2022-20578, CVE-2022-20579, CVE-2022-20593, CVE-2022-20594, CVE-2022-20595, CVE-2022-20596, CVE-2022-42501, CVE-2022-42502, CVE-2022-42503, CVE-2022-42504, CVE-2022-42505, CVE-2022-42506, CVE-2022-42507, CVE-2022-42508, CVE-2022-42509, CVE-2022-42510, CVE-2022-42511, CVE-2022-42512, CVE-2022-42513, CVE-2022-42514, CVE-2022-42515, CVE-2022-42516, CVE-2022-42517, CVE-2022-42518, CVE-2022-42519, CVE-2022-42520, CVE-2022-42521, CVE-2022-42522, CVE-2022-42523, CVE-2022-42525, CVE-2022-42526, CVE-2022-42542 |