close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Post

Security Post

  • Announcement

    Annual Report in 2025

    Jasper Park, Head of Samsung Project Infinity at Samsung Mobile Security 16 Mar 2026
    1. We are pleased to present the third annual report of the Samsung Mobile Security Rewards Program, highlighting key security research contributions and vulnerability migration efforts in 2025.
    2. In 2025, we successfully identified and remediated numerous vulnerabilities thanks to valuable submissions from the global security research community.
    3. We sincerely appreciate the continued collaboration and dedication of security researchers worldwide.
    Review of 2025
    1. Review of 2025
    2. In 2025, Samsung awarded a total of $879,770 to security researchers for valid vulnerability reports.
      • We congratulate Vincenzo Bonforte for receiving the highest reward and securing the top position in the Hall of Fame.
      • We appreciate Dawuge, who has continuously collaborated with us and has been recognized as a Top 10 Hall of Fame researcher for five consecutive years.
      • Please check the 2025 Hall of Fame published today
    Trend Analysis
    1. While we celebrated first 1 million awards in 2024, the total rewards paid in 2025 amounted to about 880,000, representing a modest decline compared to 2024. We examined the trends over the past four years.
      • Valid reports averaged around 550 annually in 2022 and 2023, but dropped to 450 in 2024 and 2025.
      • However, total rewards increased from $850,000(2022 and 2023) to $940,000(2024 and 2025), with the average reward per report rising from 1,500 to over 2,000 (an increase over 30%).
    1. This positive trend aligns with our program's goal of "Ensuring customer safety through the discovery and proactive patching of high-impact vulnerabilities."
    2. However, the challenge remains to uncover more high-impact vulnerabilities in important scenarios.
    3. 4-Year Trend Analysis
    "ISVP (Important Scenario Vulnerability Program)"
    1. In August 2024, we launched the ISVP (Important Scenario Vulnerability Program) to strengthen the identification of crucial high-impact vulnerabilities.
    2. The eligibility requirements for ISVP are extensive, resulting in no eligible reports until now. However, in March 2026, the first valid ISVP report was successfully remediated.
    3. Details of this ISVP Case and an update including clearer policies and targets for the ISVP can be found in the "ISVP Milestone & Update" published today.
    4. We look forward to greater participation and contributions to proactively address more high-impact vulnerabilities in advance through the activated ISVP.
    5. ※ Since this annual report is based on vulnerabilities compensated in 2025, the first ISVP-related vulnerability will be included in next year's report.
    "Response to in-the-wild exploits"
    1. In 2025, reports based on real-world exploits were notable. With great assistance from Meta Security, we became aware that vulnerabilities in the specific media library used in our devices were being used exploited. We were able to update the severity of 1-day vulnerability, and address the 0-day vulnerability immediately.
    2. Additionally, Google Project Zero and Threat Analysis Group also reported further vulnerabilities in the same component, so we could address them immediately to effectively prevent potential exploits.
    3. We sincerely appreciate Meta, Google, and the security communities for their assistance and collaboration.
    “Ongoing Program Improvements”
    1. We are continuously working to improve program operations based on various feedback. We applied updates including the addition of a Security Update History section for greater transparency, and modifying the Eligible Target posting format to reduce confusion and enhance visibility. We are also reviewing measures to reduce the time required to complete the entire rewards process and minimize the communication delays.
    2. We would like to share that various discussions are ongoing regarding additional feedback that could further strengthen our program, and some updates require additional time to complete the discussions. We kindly ask your patience for a little longer!
    4. Through this program, we continue to strengthen the security of hundreds of millions of Samsung Galaxy devices used worldwide, helping protect our users from real-world threats. We strongly believe that responsible disclosure and close collaboration with the security research community are essential to protecting users and strengthening the broader mobile security ecosystem.
    1. Moving forward, we remain committed to strengthening the security of Samsung products and services through continued collaboration with the global security community.
    2. Additionally, I would like to express my gratitude to my team, Samsung Project Infinity, for the dedication and efforts in all aspects of rewards program operations, including vulnerability analysis and response.
    4. 감사합니다!
    5. Annual Reflection
  • Announcement

    ISVP Milestone & Update

    Samsung Mobile Security 16 Mar 2026
    1. We sincerely appreciate your continued interest and participation since the launch of the Important Scenario Vulnerability Program (ISVP) in August 2024. We are pleased to share key milestones as well as important policy updates regarding the ISVP.
    Celebrating the First Eligible Report
    1. We launched the ISVP to enhance the identification of high-impact vulnerabilities. However, due to the extensive eligibility requirements for ISVP, there had been no eligible reports until now.
    2. Yichen Chai and Sacha Kozma from BugScale submitted successful exploits for vulnerabilities within SmartSwitch and Galaxy Store, which align closely with the objectives of operating the ISVP, and the vulnerabilities were successfully remediated in March 2026. We would like to take this opportunity to recognize the the first successful ISVP submission.
    3. They successfully submitted reports demonstrating remote and local arbitrary installation, corresponding to the “Arbitrary Application Install” category of the ISVP. Thanks to their active collaboration in contributing to the patch process, all vulnerabilities have been resolved through the March Applications Update, and a total reward of $150,000 is currently being processed in accordance with the ISVP policy.
    4. We appreciate BugScale’s great assistance and their participation in this exciting journey, and we look forward to more interest and participation from you to make ISVP activated.
    Policy Updates
    1. We have received requests from many researchers for clearer explanations of the eligibility scope, as well as consideration of expanding the program scope. We have carefully reviewed this feedback and completed our internal review. We are now updating the ISVP policy as follows.
    New Scope: Beyond Samsung Mobile Components
    1. One of the major concerns was that for some targets, it is difficult to specify the eligible scope of ISVP before submitting the report. Researchers invested significant effort in researching Galaxy devices and submitted eligible exploits to ISVP, but in cases where the issue is found to originated from the code developed by the chipset vendors, the reports are determined as ineligible for ISVP. Many researchers have expressed that this approach may be unfair and requires improvement.
    2. It is difficult to include reports as eligible targets for our Rewards program, for vulnerabilities stemming from other companies’ implementation. Therefore, for both the Samsung Mobile Security Rewards Program and the Important Scenario Vulnerability Program, only vulnerabilities arising from Samsung Mobile’s implementation are considered eligible reports, while vulnerabilities related to other companies are determined ineligible.
    3. After careful review, we have decided to expand the eligible scope of the ISVP program in line with its special purpose of proactively receiving and resolving important vulnerabilities. For the “Arbitrary code execution” category targeting Rich OS, we are expanding the scope to include ISVP reports that involve vulnerabilities stemming from other vendors’ implementation as eligible for partial rewards.
    4. Here is the updated policy for eligible scope and rewards of Rich OS ACE.
      • Exploits utilizing vulnerabilities found in Samsung Mobile code: Eligible (Full Reward)
      • Exploits combining vulnerabilities in Samsung Mobile code and other vendor code: Eligible (Partial Reward)
      • Exploits consisting solely of vulnerabilities in other vendor code without Samsung Mobile vulnerability: Not eligible (No Reward)
        • In cases where the exploit is consisted solely of vulnerabilities in Samsung DS: Eligible (Partial Reward)
    Updated Targets and Rewards
    1. Based on extensive analysis of reported vulnerabilities and ongoing security improvements, the targets and rewards for each category of ISVP have been updated.
    Rich OS ACE
    1. The maximum reward amount for Arbitrary Code Execution in Rich OS has been adjusted.
      • Local : $150,000 → $100,000
      • Remote : $300,000 → $200,000

         Note: As explained above, exploits that include vendor vulnerabilities for this category can be considered eligible reports for partial rewards.
    TEEGRIS ACE / BFU Data Extraction
    1. The maximum reward amounts for the two categories have been adjusted as follows
      • TEEGRIS OS - Remote ACE : $400,000 → $500,000
      • Device Unlock - Full User Data Extraction from BFU : $400,000 → $500,000
    Arbitrary Installation
      • The existing “Remote” category has been divided into “Adjacent” and “Remote”, while the “Local” category is removed.
      • Bonus reward are added for this category. If reports successfully demonstrate installation with obtaining System UID or granting dangerous or higher-level permissions, they will receive an extra bonus.
    Bypass of Device Protection Solution
    1. Due to the stable operation of the Auto Blocker, the relevant item has been decided to be removed from ISVP.
    1. For more detailed information on the updates, please refer to the newly added ISVP page on our website.
  • Announcement

    Annual Report in 2024

    Jasper Park, Lead of Samsung Project Infinity at Samsung Mobile Security 04 Jun 2025
    1. We are pleased to announce the release of the 2024 Annual Report for Samsung Mobile Security Rewards Program, following last year's publication.
    2. This report highlights the program's continued growth and progress, sharing our achievements with our valued community. While the 2023 Annual Report was released later than anticipated, we aimed to prepare this year's report earlier. However, we apologize for its delayed release and we will strive to deliver the report even earlier next year.
    3. We sincerely appreciate security researchers and communities, our cherished friends. Your support and feedback are the most crucial driving forces behind the program's continuous development. In 2024, thanks to your valuable contributions, we were able to make our products and services even safer.
    4. As a result, the program's total annual rewards exceeded $1 million for the first time in its history. While we still have a long way to go, this reflects our commitment to continuous improvement and growth.
    5. We look forward to continuing this journey together and encourage our friends to keep sharing your insights and expertise. Your contributions are invaluable, and we are grateful for your collaboration.
    6. Our goal for 2025 is to double the number of high-impact reports and further enhance our collaboration with the community.
    Review of 2024
    1. Review of 2024
    2. Since launching our Rewards Program in 2017, we have paid out over $6,000,000 rewards to date.
    3. In 2024, we awarded $1,029,380 in total to 105 researchers, marking the program's first annual reward of $1 million.
    4. We are deeply grateful for your contributions.
      • A total of $1,029,380 was awarded to 105 researchers.
      • Yifei Xie holds the record for the highest cumulative reward.
      • hackpotato received the highest single report reward.
    6. Last August, we introduced the ISVP and Bonus Reward programs, offering various rewards for different targets, including a maximum reward of $1M, along with additional bonuses. (For those who may still be unaware, please refer to the links for ISVP and Bonus Rewards.)
    7. However, many of highly awarded reports, including the top rewards, were submitted before the launch of Bonus Reward and ISVP, resulting in additional bonuses not being awarded. Additionally, after launching these new programs, although we have received various reports targeting ISVP, no reports have yet met the ISVP criteria to claim the reward.
    8. We are prepared to offer higher rewards for critical scenarios with high-impact vulnerabilities. We kindly ask for more attention and participation and hope to have the opportunity to offer ISVP rewards before the end of this year.
    We recognize that,
    1. we still have progress to make and are committed to refining our approach through continuous learning and improvement.
    2. Last month, with the release of the Hall of Fame, we received feedback from friends who provided significant help to our program last year. We acknowledged the need for improvements in various areas, so after having many discussions, we are conducting internal reviews.
    3. Here are a few examples:
      • There was feedback regarding the unclear explanation and operational approach for ISVP and Good Report Bonus.
        • We are preparing updates that include clearer and more intuitive guidance.
      • Suggestions were provided about improving the transparency of duplicate report.
        • For reports identified as 'Duplicated' (if the vulnerability has already been reported or is preparing patch after being found internally), we are preparing to provide additional explanations or (when possible) references during the process.
      • There was a request to share the patch schedule in advance.
        • We are reviewing options to share confirmed patch schedules with reporters ahead of the public Security Update disclosure.
    5. Through your diverse advices, we are filling the gaps by reflecting on aspects we had not considered before, and we believe that through close collaboration, we can create a safer product ecosystem.
    6. We always welcome suggestions for improvement.
    We are planning to,
    1. encourage reports on high-impact vulnerabilities.
    2. Gradually increasing high-impact vulnerabilities
    3. In 2024, the proportion of high-impact vulnerabilities, including remote code execution vulnerabilities, has been gradually increasing. By increasing the number of high-impact reports, we could proactively prevent serious impact on products, and offer more rewards to our friends. So, we also aim to strengthen rewards for higher-severity vulnerabilities.
    4. We continuously explore ways to encourage more research including activating the ISVP and enhancing rewards for high-impact reports. We will share additional updates on this matter as well.
    1. Based on diverse feedback and internal discussions, we will operate the program in a way that fosters greater trust and comfort for our friends to share their findings. If you have any good suggestions and feedback to help us fill in the gaps, please feel free to share them with us via mobile.security@samsung.com or through our website.
    2. Once again, I would like to express my heart felt gratitude to my friends, our valuable security researchers. And I sincerely appreciate for the efforts of my team, Samsung Project Infinity at Samsung Mobile Security.
    3. 감사합니다!
  • Announcement

    Update to Our PGP Key for Email Reports and Communications

    Samsung Mobile Security 04 Jun 2025
    We are updating our PGP key, which is used for email reports and communications. Please refer to the following details.

    - User name: Samsung Mobile Security
    - Fingerprint: B146 7CFB F71D BB18 84E2 6FAC 9151 3E50 B0FB FD2F
    - Expires at: 2027-05-29
    - Key type: RSA 4096 bits


    -----BEGIN PGP PUBLIC KEY BLOCK-----

    mQINBGg3sScBEACzgTLIhwmGzimXDdxAhC3sVt0OcVshOs+3fsBJBJ/mMz7Ghb9L
    E485mqa9knPnORKd5pnfrS9GctANeh4W3+V8R+20U3IKq27SxM0TB2HqdoVaIhxP
    p3/7qPA0XIg+JHmBQDOM3Ra2AWt9nNqNwJz+nEcXmIobDL/0jRHdD/6eYJtXVgAr
    qsuBb45QQl5Ovq3Y//aH4EypMieDWtZKhUOmMHtUn08UiY3LysvBSLFK125qWDeO
    YshSeParO9br4bHDO/q/OuMQM2qqp+YkA9ij8rM0Hlc4ZZpcK1iuuAOc1fSUVi0G
    cVMw0rg4h/vjete4GKrhoGeLspmqiD1twx4cr4sXLa+nB60XqgXYB0bHyKuuNx4t
    8O11wVT36fBnjsT16ouvQEY2lDYdoYDaX3aQLYE53IbbGndsSHrMC5wV5S0tL6i0
    XboiV+h4wA6QRUNHCVfBwDqVKzksyeD8rDWc0CEuz3rw2wHMNZpAMjU/GBNHJjAc
    8GH/7ymFb/XViow8xjNXAdiEs7OdmWr8Hi+eGvhXjILOeyJsnPTZlY0MXvemJtRD
    IOb+FB3SPzyaaeW/lOAG/nJkra2aj7gdXtYxGVZp1v4xQ0o51+dBInd85DvXaElR
    usd/O+VYFDkZAl1zqGlLGXhZcIF+u88k7T9kjjrpdaXgdpEt8ANT6sY0sQARAQAB
    tDVTYW1zdW5nIE1vYmlsZSBTZWN1cml0eSA8bW9iaWxlLnNlY3VyaXR5QHNhbXN1
    bmcuY29tPokCVwQTAQoAQRYhBLFGfPv3HbsYhOJvrJFRPlCw+/0vBQJoN7EnAhsD
    BQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEJFRPlCw+/0v+XMP
    /jZ5QOEDl5Y0x+FUOjp7GHTzII3asucOxrkRFmvmc5nobAzwzBAqqWG0SZOBqG1y
    rxyCRc4pB7zMQucRWZjGIIjgBT8bWY4JDbsH+FhUCa2nM/OKBSg7SAnJ0KwaQQJG
    oryVMvKT3S7+jFoupaJwrwvplEjqeKOsj/PGa5XUVRpJUq9zzwIGuhkSefmEoMJ7
    OQo+cHuq021+KXPVbmsocwK3XnITOP8dP4YfiA4ZB6g5IpQK/hwW2eQj4p05oXia
    2tTFbfG1UN+zkIbXKlt88jUz6/CSkGMVOMlXtfIYij+mFmStf52AZ1Fi0bw/mlyA
    S5lpi4xgeKBajZGPaaKUYQcpEHdcHf36a3OCOWEpeU/MwGBzbC4btTEzJqNe5Mpg
    2Ly8wXARpvd34YSD25F8YUT60dBWD+g7mdeFqtGOH/XsL4Qtxf55EGruHS8kT8FS
    ixBerXJpoFjSoC+jMHodt2q65ohSr300TWl99op5UAlxTJUtldO5zLA6qzuBNFWa
    ENu8SZVaiHILDPqoXhfkQ299m5BrhgVy1C+f+gSWi+1lSZQ183fqeqDx2PfxUf6b
    0TLd6dgqYurhF03OePeCi7Jky91+UQLrkZEivHdhWq+0Y6D1v/SjUVl9ELKzcyE+
    raRqpcEkuIz/pobBSDtHgAAkuF7y0/keKt8Sy296fMOauQINBGg3sScBEAC8yB4o
    WVvRR4GJ57ThDRi0ieSXL3u8Z6duYX5Kly7BHJn2djKmJtZgdF5/qJGL4PgNU8ql
    5mbkgMISapZlQCdco67GHseFSKIoHeKwVExRC3d33PJK248AgMT11DHr/GJxc/j/
    HRVCawxEpEdDanmmkRKczmN2NOGH9MOmCwdPiq+xxX75cMWGrmLZceLHP05rx7c2
    5hhNJ0YuF/YM/yW5lC9CKBhDSYznIDMnntFU/v6Ric6NPQPcfsmj6AzOZP4B7/mS
    x5yT4UV/ZumPl05G8BCwoN5oOTY4lbHWIPm6YKH662h/WMVoaPZV8oY8H2Ihd/59
    qp6V7aA1XaEC6fRZYu4uiBJZ0E+jjvBNldpLDT43pvtR8izfGCxeSORbiMTc6mrN
    j1N4PSsAawMfpAJhmcT6kFCHw+5oWEJBM0GXmqwtcE/WrQkmpbK8oBXy1IZPuzjG
    IlGMJjsyuGePAsul5X7kaPtLuryfKkj12yRP/1VZxtGEnr6JoLMj0N+JxzlhOYAy
    9QXJNRo/c8eXf/uUMGIs6PIc+Y/egvOr4HeFEGZPVTfhvFhPEiGXupLZV9uTnXON
    AQkHCbbq8nrZZ8yznlPu+YGBPIKL1kqMvtHfmIuQomaP/urAwY4ksw6Xlh2Elmb7
    u2mYQKOE7o6LUPLl/y6gkaRKF7rvkowU9QWJiQARAQABiQI8BBgBCgAmFiEEsUZ8
    +/cduxiE4m+skVE+ULD7/S8FAmg3sScCGwwFCQPCZwAACgkQkVE+ULD7/S8bvQ//
    az+3/HCoiCDgXpoSrIVgTrYsSbEY2octTrjQZhUWrWGvj9T68Y6IzGP0YwNNgzlp
    G8jVElDcdaVceXSwQb7m+0oPIRnUHG17GJ0ohQ/E9yafCs+qEom3oaDw8QjfolSn
    2eb9ly4L9BPTUBNsms6p60OTAW8eUxIpuThTmQo/ZG3uDmtBNlyrpqD3d9hhYHkF
    6EEV88iR+YJpFh5/FDMrBd0nEo/AYL0BTIrzxZLtTOm2xDi6UXmNEotSrJIac70q
    oa/RbDj4Kx8ETp+OF1kqlCxtKVanjBLAecooR6Vtrar5HgCBxSFRAbvzJ+dgeH3w
    +lYxiSk6iV9Fwg8Yx23sedA80nNr5PN1JCoJAQWWVk0nysr6VeXrAtYhnDQ8M01m
    avBzcuUjWzB5YH3JNyZ4BqlpZHAPjQedjM8RaAZk2pRwuUxPezxO/phkdXzEqIdK
    67WpeHqmrvyjyteCxjEH4gnsE/0YN3Nao7G4MwCoLZtoZz7lWQ010qMENw7LADq8
    RSllaqhpTRgp9tndMoeFOHGC7k9LlkYmUXZ8FsiXMVgFlnAbs8eHD/o901wnn4I4
    cBerGvWucrT1t2Vvn81R07zCViMHwqH5YuOiYH6uaKfl7Oj8f0y/tmVtd5DPWS0Q
    UMrdEe+iT6oPOJD2aM0LaqpMFRpegCKKf+Yq2kx85P8=
    =D4vJ
    -----END PGP PUBLIC KEY BLOCK-----
  • Announcement

    Annual Report in 2023 and New Announcements

    Jasper Park, Lead of PSIRT at Samsung Mobile Security 06 Aug 2024
    1. It has been more than 6 years since we officially launched Samsung Mobile Security Rewards Program, and today, we are finally releasing our first ever "Annual Report" for the Rewards Program.
    2. annual Report
    3. Although there have been many challenges and difficulties in running our Rewards Program, with the help of numerous security experts and communities around the world, it has been able to run our Rewards Program.
    4. The program was started with the goal of securing our products by receiving vulnerabilities that were not detected internally with external security communities' help. As we received more and more reports, and analyzed and rolled out patches for them, our products became securer and safer. Thanks to the assistance from our valuable researchers.
    6. After running the program for several years, the Biggest Lesson Learned is that Researchers are my dear and grateful friends who take their time to look at our products from various perspectives and help make them secure and safe.
    7. I sincerely appreciate your help, 감사합니다!
    9. With the help of our friends, our Rewards Program has continued to evolve, and as part of it, I will summarize a review of the program in 2023.
    Review of 2023
    1. Review of 2023
    2. Since starting our official Rewards Program in 2017, we have paid about $5 million. In 2023, we rewarded over $800,000 to 113 researchers.
      • Rewarded $827,925 to 113 researchers
      • The highest reward in one report was $57,190 by TASZK Security Labs.
      • The researcher with the highest total reward was also TASZK Security Labs.
      • The researcher with most reports was Oversecured Inc.
    4. Among all of dedicated my friends, there are two that deserve special appreciation.
      • TASZK Security Labs who helped us from long time ago was a researcher whose report received the highest single reward in 2023. There impressive researches helped secure our products against potential remote attacks. Although Exynos Baseband related reports became out of scope with our program and his reports involved chains with baseband, resulting in a reduction of the overall reward, it was still TASZK Security Labs who received the highest total payout in 2023.
      • Oversecured is one of our best friends, having submitted numerous valuable reports since their initial report with us back in 2021. In 2023, they reported the greatest number of valid reports. Their valuable researches have covered various targets including applications and frameworks, helping us towards securing diverse targets of and introducing novel types of vulnerabilities in our products. (they were also ranked as the top researcher who filed the most reports and received the highest total rewards in 2022.)
    7. We sincerely appreciate all of our friends who worked with us with the valuable findings. It was all thanks to your efforts that we were able to run this program and make our products and services more safe and secure to keep our customers from potential attacks.
    8. In order to collaborate better with our friends, we have continuously made efforts to listen to your voices. As a result, we have come to the conclusion that an update is required to work more closely with you and run a better Rewards Program.
    And we are now
    1. And we are now understanding the needed updates what we learned your voices of worries and complaints.
    2. We cannot emphasize enough how much we appreciate all the researchers for working with us and we hope to get greater interest from more security experts, researchers and Galaxy users.
    3. We fully understand that it may have become harder and harder to find vulnerabilities with the products, as we are working effortlessly for additional security features while releasing security patches as quickly as possible and as often as possible to keep our customers safer.
    4. So some may be discouraged to submit findings with a concern that it may be an inefficient research due to potentially low rewards compared to the efforts.
    5. And we also understood your concerns regarding the transparency of criteria and unpredictable reward amounts.
    6. Good news!
    7. We are very excited to announce the largest update we have ever done since releasing our Rewards Program.
    8. In order to encourage more researchers and users to participate in Samsung Mobile Security Rewards program, we have set new goals. Below is some of our initiatives to the find the best win-win path forward for Samsung and our friends as part of improving our program.
    As transparent as possible
    1. We have heard many voices stating difficulty in predicting the severity and reward amounts. So we are now sharing updates indicating clearer criteria of severity and factors used for rewards amount. And please also refer to the FAQ for most frequent inquiries and discussions.
    Don’t let your efforts go in vain
    1. We have tried to find ways to offer higher rewards for reports with high impact reports and high quality reports. And now we want to introduce our new Program and Bonus Rewards which provide extra reward and maximum amount covered by our program.
    2. Please refer to the Good Report Bonus and Important Scenario Vulnerability Program.
    AI Security
    1. We started a pilot rewards program for Samsung mobile AI Security.
    2. We hope to get your interest and active participation for Samsung Mobile AI Security. Since we are in early stage for this, working on setting up the policies for reports related to AI Security, your interests and researches will greatly help us to finalize our policies and standards.
    1. We want your continuous interest in Samsung Mobile Security Rewards Program. Stay tuned!
    2. We are preparing additional programs, announcements, and events within 2024.
    4. I would like to express my gratitude to my friends, our valuable security researchers.
    5. And I sincerely appreciate for the efforts of my team, PSIRT at Samsung Mobile Security.
No Contents.
Archive