close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Post

Security Post

Announcement
Prev

Annual Report in 2025

Jasper Park, Head of Samsung Project Infinity at Samsung Mobile Security 16 Mar 2026
  1. We are pleased to present the third annual report of the Samsung Mobile Security Rewards Program, highlighting key security research contributions and vulnerability migration efforts in 2025.
  2. In 2025, we successfully identified and remediated numerous vulnerabilities thanks to valuable submissions from the global security research community.
  3. We sincerely appreciate the continued collaboration and dedication of security researchers worldwide.
Review of 2025
  1. Review of 2025
  2. In 2025, Samsung awarded a total of $879,770 to security researchers for valid vulnerability reports.
    • We congratulate Vincenzo Bonforte for receiving the highest reward and securing the top position in the Hall of Fame.
    • We appreciate Dawuge, who has continuously collaborated with us and has been recognized as a Top 10 Hall of Fame researcher for five consecutive years.
    • Please check the 2025 Hall of Fame published today
Trend Analysis
  1. While we celebrated first 1 million awards in 2024, the total rewards paid in 2025 amounted to about 880,000, representing a modest decline compared to 2024. We examined the trends over the past four years.
    • Valid reports averaged around 550 annually in 2022 and 2023, but dropped to 450 in 2024 and 2025.
    • However, total rewards increased from $850,000(2022 and 2023) to $940,000(2024 and 2025), with the average reward per report rising from 1,500 to over 2,000 (an increase over 30%).
  1. This positive trend aligns with our program's goal of "Ensuring customer safety through the discovery and proactive patching of high-impact vulnerabilities."
  2. However, the challenge remains to uncover more high-impact vulnerabilities in important scenarios.
  3. 4-Year Trend Analysis
"ISVP (Important Scenario Vulnerability Program)"
  1. In August 2024, we launched the ISVP (Important Scenario Vulnerability Program) to strengthen the identification of crucial high-impact vulnerabilities.
  2. The eligibility requirements for ISVP are extensive, resulting in no eligible reports until now. However, in March 2026, the first valid ISVP report was successfully remediated.
  3. Details of this ISVP Case and an update including clearer policies and targets for the ISVP can be found in the "ISVP Milestone & Update" published today.
  4. We look forward to greater participation and contributions to proactively address more high-impact vulnerabilities in advance through the activated ISVP.
  5. ※ Since this annual report is based on vulnerabilities compensated in 2025, the first ISVP-related vulnerability will be included in next year's report.
"Response to in-the-wild exploits"
  1. In 2025, reports based on real-world exploits were notable. With great assistance from Meta Security, we became aware that vulnerabilities in the specific media library used in our devices were being used exploited. We were able to update the severity of 1-day vulnerability, and address the 0-day vulnerability immediately.
  2. Additionally, Google Project Zero and Threat Analysis Group also reported further vulnerabilities in the same component, so we could address them immediately to effectively prevent potential exploits.
  3. We sincerely appreciate Meta, Google, and the security communities for their assistance and collaboration.
“Ongoing Program Improvements”
  1. We are continuously working to improve program operations based on various feedback. We applied updates including the addition of a Security Update History section for greater transparency, and modifying the Eligible Target posting format to reduce confusion and enhance visibility. We are also reviewing measures to reduce the time required to complete the entire rewards process and minimize the communication delays.
  2. We would like to share that various discussions are ongoing regarding additional feedback that could further strengthen our program, and some updates require additional time to complete the discussions. We kindly ask your patience for a little longer!
  4. Through this program, we continue to strengthen the security of hundreds of millions of Samsung Galaxy devices used worldwide, helping protect our users from real-world threats. We strongly believe that responsible disclosure and close collaboration with the security research community are essential to protecting users and strengthening the broader mobile security ecosystem.
  1. Moving forward, we remain committed to strengthening the security of Samsung products and services through continued collaboration with the global security community.
  2. Additionally, I would like to express my gratitude to my team, Samsung Project Infinity, for the dedication and efforts in all aspects of rewards program operations, including vulnerability analysis and response.
  4. 감사합니다!
  5. Annual Reflection
Recently Post
  • Announcement
    Annual Report in 2025

    16 Mar 2026

  • Announcement
    ISVP Milestone & Update

    16 Mar 2026

  • Announcement
    Annual Report in 2024

    04 Jun 2025

  • Announcement
    Update to Our PGP Key for Email Reports and Communications

    04 Jun 2025

  • Announcement
    Annual Report in 2023 and New Announcements

    06 Aug 2024

Categories
Archive