close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Rewards Program>ISVP

ISVP

Important Scenario Vulnerability Program

Samsung Mobile Security 16 Mar 2026

We launched a program in August 2024 for reports demonstrating critical attack scenarios with significant impact. If you find any vulnerabilities related to Arbitrary Code Execution on highly privileged targets, Unlocking Devices, Full User Data Extractions, or Arbitrary installation, you are able to receive up-to $1,000,000 which is the maximum amount covered by our program.

Requirements
  1. To participate in our Important Scenario Vulnerability Program (ISVP), a report must be submitted proving a successful attack targeting Important Scenarios. A report qualifies for the maximum reward amount when it satisfies all the requirements below.
    • Report should fully meet Good Report Bonus
    • Report should include buildable exploit proving successful attacks on defined Important Scenarios
    • Exploit should work consistently on the latest Security Update of latest Flagship devices (Galaxy S and Z series)
    • Exploit should execute without privileges
Important Scenarios
Arbitrary Code Execution on privileged targets
  1. Target Local ACE Remote ACE
    Knox Vault ~ $ 300,000 ~ $ 1,000,000
    TEEGRIS OS ~ $ 200,000 ~ $ 500,000
    Rich OS ~ $ 100,000 ~ $ 200,000
  2. * Full rewards for Knox Vault require proof of accessing credential related data stored in Knox Vault.
    * Targeting TEEGRIS OS doesn't include vulnerabilities of Trustlets. This target refers to Secure OS itself.
    * Rewards for targeting Rich OS depends on the escalated privileges and the functionality by ACE.
    * For Rich OS category, exploits including third-party vulnerabilities may qualify for ISVP.
       - Exploits using Samsung Mobile vulnerabilities are eligible for full reward.
       - Exploits combining Samsung Mobile and other vendor vulnerabilities may qualify for partial reward.
       - Exploits consisting solely of vulnerabilities in other vendor code are not eligible.
            - However, in cases where the exploit is consisted solely of vulnerabilities in Samsung DS, exploit may qualify for partial reward.
       - Exploits with vulnerabilities already known to us or 3rd party vendors may be deemed ineligible.
    * Full rewards for each targets should provide 0-click exploit with persistence.
Device Unlock & Full User Data Extraction
  1. Target After first unlock Before first unlock
    Device Unlock
    + Full User Data Extraction    		 ~ $ 200,000 ~ $ 500,000
  2. * We will provide partial rewards for exploits which prove partial success of this target.
Arbitrary Installation
  1. Target Adjacent Remote
    Arbitrary Applications ~ $ 50,000~ $ 100,000
  2. * Reports must demonstrate app installation from official stores (Galaxy Store, Play Store) or attackers' servers.
    * Reports demonstrating arbitrary application from an attacker's server will receive the maximum rewards.
    * Bonus reward are added for this category. Reports demonstrating installation with obtaining System privilege or granting dangerous/higher permission will receive extra bonuses.