xref: /docs/source.android.com/src/security/overview/acknowledgements.jd

page.title=Android Security Acknowledgements
@jd:body

<!--
    Copyright 2015 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<div id="qv-wrapper">
  <div id="qv">
    <h2>In this document</h2>
    <ol id="auto-toc">
    </ol>
  </div>
</div>

<p>The Android Security Team would like to thank the following people and
parties for helping to improve Android security. They have done this either by
finding and responsibly reporting security vulnerabilities through the AOSP bug
tracker <a
href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">Security
bug report</a> template or by committing code that has a positive
impact on Android security, including code that qualifies
for the <a href="https://www.google.com/about/appsecurity/patch-rewards/">Patch
Rewards</a> program.</p>

<h2 id=2016>2016</h2>

<div style="LINE-HEIGHT:25px;">

<p>Abhishek Arya of Google Chrome Security Team</p>

<p>Broadgate Team</p>

<p>David Riley of the Google Pixel C Team</p>

<p>Dongkwan Kim (<a href="mailto:dkay (a] kaist.ac.kr">dkay (a] kaist.ac.kr</a>) of System Security Lab, KAIST</p>

<p>Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>, <a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>)</p>

<p>Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>) from Lab 0x031E of Qihoo 360 Technology Co. Ltd</p>

<p>Hongil Kim (<a href="mailto:hongilk (a] kaist.ac.kr">hongilk (a] kaist.ac.kr</a>) of System Security Lab, KAIST</p>

<p>Jann Horn (<a href="https://thejh.net/">https://thejh.net</a>)</p>

<p>jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>

<p>Jouni Malinen PGP id EFC895FA</p>

<p>Martin Barbella of Google Chrome Security Team</p>

<p>Oliver Chang of Google Chrome Security Team</p>

<p>Quan Nguyen of Google Information Security Engineer Team</p>

<p>Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>) of KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>

<p>Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>) of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>

<p>Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>) of Trend Micro (<a href="http://www.trendmicro.com">www.trendmicro.com</a>)</p>

<p>Tom Craig of Google X</p>

<p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc</p>

<p>Yabin Cui from Android Bionic Team</p>

<p>Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>) of the Android Security Team</p>

</div>

<h2 id=2015>2015</h2>

<div style="LINE-HEIGHT:25px;">
<p>Abhishek Arya, Google Chrome Security Team</p>

<p>Alex Copot</p>

<p>Alex Eubanks</p>

<p>Alexandru Blanda</p>

<p>Artem Chaykin</p>

<p>Ben Hawkes</p>

<p>Brennan Lautner</p>

<p>Chiachih Wu of C0RE Team from Qihoo 360</p>

<p>Darmstadt (siegfried.rasthofer (a] gmail.com)</p>

<p>Daniel Micay (daniel.micay (a] copperhead.co) at Copperhead Security</p>

<p>Dongkwan Kim of System Security Lab, KAIST (dkay (a] kaist.ac.kr)</p>

<p>dragonltx of Alibaba Mobile Security Team</p>

<p>Gal Beniamini (<a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>)</p>

<p>Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>, higongguang (a] gmail.com) of <a href="http://www.360.cn/">Qihoo 360 Technology Co.Ltd</a></p>

<p>Hongil Kim of System Security Lab, KAIST (hongilk (a] kaist.ac.kr)</p>

<p>Ian Beer of Google Project Zero</p>

<p>Ivn Arce (@4Dgifts) of Programa STIC at Fundacin Dr. Manuel Sadosky, Buenos
Aires Argentina</p>

<p>Jack Tang of Trend Micro (@jacktang310)</p>

<p>jgor of <a href="http://security.utexas.edu/">The University of Texas at Austin</a> (<a href="https://twitter.com/indiecom">@indiecom</a>)</p>

<p>Joaqun Rinaudo (@xeroxnir) of Programa STIC at Fundacin Dr. Manuel Sadosky,
Buenos Aires Argentina</p>

<p>Jordan Gruskovnjak of Exodus Intelligence (@jgrusko)</p>

<p>Joshua Drake of Zimperium</p>

<p>Lei Wu of C0RE Team from Qihoo 360</p>

<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>

<p>Mark Carter (<a href="https://twitter.com/hanpingchinese">@hanpingchinese</a>) of EmberMitre Ltd</p>

<p>Martin Barbella, Google Chrome Security Team</p>

<p>Michael Peck of <a href="https://www.mitre.org/">The MITRE Corporation</a> (mpeck (a] mitre.org)</p>

<p>Micha Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)</p>

<p>Michael Roland of JR-Center u'smile at University of Applied Scienses, Upper
Austria/Hagenberg</p>

<p>Natalie Silvanovich of Google Project Zero</p>

<p>Oliver Chang, Google Chrome Security Team</p>

<p>Peter Pi of Trend Micro</p>

<p>Ping Li of Qihoo 360 Technology Co. Ltd</p>

<p>Qidan He (@flanker_hqd) from KeenTeam (@K33nTeam, <a href="http://k33nteam.org/">http://k33nteam.org/</a>)</p>

<p>Roee Hay and Or Peles</p>

<p>Seven Shen of Trend Micro</p>

<p><a href="http://www.ec-spride.tu-darmstadt.de/en/research-groups/secure-software-engineering-group/staff/siegfried-rasthofer/">Siegfried Rasthofer</a> of <a href="http://sseblog.ec-spride.de/">Secure Software Engineering Group</a>, EC SPRIDE Technische Universitt</p>

<p>Stephan Huber of Testlab Mobile Security, <a href="https://www.sit.fraunhofer.de/">Fraunhofer SIT</a> (Stephan.Huber (a] sit.fraunhofer.de)</p>

<p>Steven Vittitoe of Google Project Zero</p>

<p>Tzu-Yin (Nina) Tai</p>

<p>Wangtao(neobyte) of Baidu X-Team</p>

<p>Wen Xu (@antlr7) from KeenTeam (@K33nTeam, <a href="http://k33nteam.org/">http://k33nteam.org/</a>)</p>

<p>Wish Wu of Trend Micro Inc. (@wish_wu)</p>

<p>Xuxian Jiang of C0RE Team from Qihoo 360</p>

<p>Yajin Zhou of C0RE Team from Qihoo 360</p>


</div>

<h2 id=2014>2014</h2>

<div style="LINE-HEIGHT:25px;">
<p>Jeff Forristal of <a href="http://www.bluebox.com/blog/">Bluebox
Security</a></p>

<p>Aaron Mangel of <a href="https://banno.com/">Banno</a> (<a
href="mailto:amangel (a] gmail.com">amangel (a] gmail.com</a>)</p>

<p><a href="http://www.linkedin.com/in/tonytrummer/">Tony Trummer</a> of <a
href="http://www.themeninthemiddle.com">The Men in the Middle</a> <br>(<a
href="https://twitter.com/SecBro1">@SecBro1</a>)</p>

<p><a href="http://www.samsung.com">Samsung Mobile</a></p>

<p>Henry Hoggard of <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> (<a
href="https://twitter.com/henryhoggard">@HenryHoggard</a>)</p>

<p><a href="http://www.androbugs.com">Yu-Cheng Lin </a> (<a
href="https://twitter.com/AndroBugs">@AndroBugs</a>)</p>

<p><a
href="http://www.ec-spride.tu-darmstadt.de/en/research-groups/secure-software-engineering-group/staff/siegfried-rasthofer/">Siegfried
Rasthofer</a> of <a href="http://sseblog.ec-spride.de/">Secure Software
Engineering Group</a>, EC SPRIDE Technische Universitt Darmstadt (<a
href="mailto:siegfried.rasthofer (a] gmail.com">siegfried.rasthofer (a] gmail.com</a>)</p>

<p>Steven Arzt of <a href="http://sseblog.ec-spride.de/">Secure Software
Engineering Group</a>, EC SPRIDE Technische Universitt Darmstadt (<a
href="mailto:Steven.Arzt (a] ec-spride.de">Steven.Arzt (a] ec-spride.de</a>)</p>

<p><a href="http://blog.redfern.me/">Joseph Redfern</a> of <a
href="https://labs.mwrinfosecurity.com/">MWR Labs</a> <br>(<a
href="https://twitter.com/JosephRedfern">@JosephRedfern</a>)</p>

<p><a href="https://plus.google.com/u/0/109528607786970714118">Valera
Neronov</a></p>

<p><a href="https://github.com/michalbednarski">Micha Bednarski</a></p>

<p><a href="http://www.linkedin.com/in/luander">Luander Michel Ribeiro</a> (<a
href="https://twitter.com/luanderock">@luanderock</a>)</p>

<p>Stephan Huber of Testlab Mobile Security, <a
href="https://www.sit.fraunhofer.de/">Fraunhofer SIT</a> (<a
href="mailto:Stephan.Huber (a] sit.fraunhofer.de">Stephan.Huber (a] sit.fraunhofer.de</a>)
</p>

<p><a href="http://www.corkami.com">Ange Albertini</a> (<a
href="https://twitter.com/angealbertini">@angealbertini</a>)</p>

<p><a href="https://www.linkedin.com/in/tdalvi">Tushar Dalvi</a> (<a
href="https://twitter.com/tushardalvi">@tushardalvi</a>)</p>

<p>Axelle Apvrille of Fortinet, FortiGuards Labs</p>

<p>Tongxin Li of Peking University (<a
href="mailto:litongxin1991 (a] gmail.com">litongxin1991 (a] gmail.com</a>)</p>

<p><a href="https://www.facebook.com/zhou.xiaoyong">Xiaoyong Zhou</a> of <a
href="http://www.cs.indiana.edu/~zhou/">Indiana University Bloomington</a> <br>(<a
href="https://twitter.com/xzhou">@xzhou</a>, <a
href="mailto:zhou.xiaoyong (a] gmail.com">zhou.xiaoyong (a] gmail.com</a>)</p>

<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
University Bloomington (<a
href="mailto:xingluyi (a] gmail.com">xingluyi (a] gmail.com</a>)</p>

<p>Yeonjoon Lee of Indiana University Bloomington (<a
href="mailto:luc2yj (a] gmail.com">luc2yj (a] gmail.com</a>)</p>

<p><a href="http://www.informatics.indiana.edu/xw7/">Xiaofeng Wang</a> of
Indiana University Bloomington (<a
href="mailto:xw7 (a] indiana.edu">xw7 (a] indiana.edu</a>)</p>

<p>Xinhui Han of Peking University (<a
href="mailto:hanxinhui (a] pku.edu.cn">hanxinhui (a] pku.edu.cn</a>)</p>

<p><a href="http://thejh.net/">Jann Horn</a> <a href="https://android-review.googlesource.com/#/c/98197/">
<img style="vertical-align:middle;" src="../images/tiny-robot.png"
alt="Green Droid Patch Symbol"
title="This person contributed code that improved Android security">
</a></p>

<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>

<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
"https://android-review.googlesource.com/#/q/owner:%22Stephen+Smalley+%253Csds%2540tycho.nsa.gov%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p><a href="http://www.linkedin.com/in/billcroberts">
William Roberts</a> (<a href="mailto:bill.c.roberts (a] gmail.com">bill.c.roberts (a] gmail.com</a>)
<a href=
"https://android-review.googlesource.com/#/q/owner:bill.c.roberts%2540gmail.com+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p>Scotty Bauer of University of Utah (<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a>)</p>

<p><a href="http://www.cs.utah.edu/~rsas/">Raimondas Sasnauskas</a> of University of Utah</p>

<p><a href="http://www.subodh.io">Subodh Iyengar</a> of <a href="https://www.facebook.com">Facebook</a></p>

<p><a href="http://www.shackleton.io/">Will Shackleton</a> of <a href="https://www.facebook.com">Facebook</a></p>

<p>Kunal Patel of <a href="https://www.samsungknox.com/">Samsung KNOX Security Team</a> (<a href="mailto:kunal.patel1 (a] samsung.com">kunal.patel1 (a] samsung.com</a>)</p>

<p>Sebastian Brenza</p>

<p>Wang Tao of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="mailto:wintao (a] gmail.com">wintao (a] gmail.com</a>)</p>

<p><a href="http://www.linkedin.com/in/danamodio">Dan Amodio</a> of <a href="https://www.aspectsecurity.com/">Aspect Security</a> (<a href="https://twitter.com/DanAmodio">@DanAmodio</a>)</p>

<p><a href="http://davidmurdoch.com">David Murdoch</a></p>

<p>Alexandru Gheorghita</p>

<p>Mathew Solnik (<a href="https://twitter.com/msolnik">@msolnik</a>)</p>

<p>Marc Blanchou (<a href="https://twitter.com/marcblanchou">@marcblanchou</a>)</p>

<p>Wang Yu of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="https://twitter.com/xi4oyu">@xi4oyu</a>)</p>

<p>Zhang Dong Hui of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="http://weibo.com/shineastdh">shineastdh</a>)</p>

<p>Alex Park (<a href="https://twitter.com/saintlinu">@saintlinu</a>)</p>

<p><a href="http://www.sonymobile.com">Sony Mobile</a></p>

<p><a href="https://twitter.com/isciurus">Andrey Labunets</a> of <a href="https://www.facebook.com">Facebook</a></p>

<p>Imre Rad of <a href="http://www.search-lab.hu/">Search-Lab Ltd.</a></p>

</div>

<h2 id=2013>2013</h2>

<div style="LINE-HEIGHT:25px;">

<p>Jon Sawyer of <a href="http://appliedcybersecurity.com/">Applied Cybersecurity LLC
</a> (<a href="mailto:jon (a] cunninglogic.com">jon (a] cunninglogic.com</a>)</p>

<p>Joshua J. Drake of <a href="http://www.accuvant.com/">Accuvant LABS
</a> (<a href="https://twitter.com/jduck">@jduck</a>)
<a href="https://android-review.googlesource.com/#/q/change:72228+OR+change:72229">
<img style="vertical-align:middle" src="../images/patchreward.png"
alt="Patch Rewards Symbol" title="This person qualified for the Patch Rewards program!"></a></p>

<p>Ruben Santamarta of IOActive
(<a href="https://twitter.com/reversemode">@reversemode</a>)</p>

<p>Lucas Yang (amadoh4ck) of
<a href="http://raonsecurity.com/">RaonSecurity</a>
(<a href="mailto:amadoh4ck (a] gmail.com">amadoh4ck (a] gmail.com</a>)</p>

<p><a href="https://tsarstva.bg/sh/">Ivaylo Marinkov</a>
of <a href="http://www.ecommera.com/">eCommera</a> <br>
(<a href="mailto:ivo (a] tsarstva.bg">ivo (a] tsarstva.bg</a>)</p>

<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
<a href="mailto:roeehay (a] gmail.com">roeehay (a] gmail.com</a>)</p>

<p>Qualcomm Product Security Initiative</p>

<p><a href="https://lacklustre.net/">Mike Ryan</a> of
<a href="https://isecpartners.com/">iSEC Partners</a>
<br>(<a href="https://twitter.com/mpeg4codec">@mpeg4codec</a>,
<a href="mailto:mikeryan (a] isecpartners.com">mikeryan (a] isecpartners.com
</a>)</p>

<p><a href="http://cryptoonline.com/">Muhammad Naveed</a>
of <a href="http://illinois.edu/">University of Illinois
at Urbana-Champaign</a>
<br>(<a href="mailto:naveed2 (a] illinois.edu">naveed2 (a] illinois.edu</a>)</p>

<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>

<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
"https://android-review.googlesource.com/#/q/owner:%22Stephen+Smalley+%253Csds%2540tycho.nsa.gov%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p><a href="http://www.linkedin.com/in/billcroberts">
William Roberts</a> (<a href="mailto:bill.c.roberts (a] gmail.com">bill.c.roberts (a] gmail.com</a>)
<a href=
"https://android-review.googlesource.com/#/q/owner:bill.c.roberts%2540gmail.com+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
<a href="mailto:roeehay (a] gmail.com">roeehay (a] gmail.com</a>)</p>

<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
University Bloomington (<a
href="mailto:xingluyi (a] gmail.com">xingluyi (a] gmail.com</a>)</p>

<p>Xiaorui Pan of Indiana University Bloomington (<a href="mailto:eagle200467 (a] gmail.com">eagle200467 (a] gmail.com</a>)<p>

<p>XiaoFeng Wang of Indiana University Bloomington (<a href="mailto:xw7 (a] indiana.edu">xw7 (a] indiana.edu</a>)</p>

<p>Kan Yuan</p>

</div>
<h2 id=2012>2012</h2>

<div style="LINE-HEIGHT:25px;">

<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>

<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
"https://android-review.googlesource.com/#/q/owner:%22Stephen+Smalley+%253Csds%2540tycho.nsa.gov%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p><a href="http://www.linkedin.com/in/billcroberts">
William Roberts</a> (<a href="mailto:bill.c.roberts (a] gmail.com">bill.c.roberts (a] gmail.com</a>)
<a href=
"https://android-review.googlesource.com/#/q/owner:bill.c.roberts%2540gmail.com+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>

<p><a href="http://thejh.net/">Jann Horn</a></p>

<p>Ravishankar Borgaonkar of TU Berlin
(<a href="https://twitter.com/raviborgaonkar">@raviborgaonkar</a>)</p>

<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
<a href="mailto:roeehay (a] gmail.com">roeehay (a] gmail.com</a>)</p>

<p>David Weinstein of <a href="https://viaforensics.com/">viaForensics</a> (<a href="https://twitter.com/insitusec">@insitusec</a>)</p>

</div>

<h2 id=2011>2011</h2>

<div style="LINE-HEIGHT:25px;">

<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>

</div>

<h2 id=2009>2009</h2>

<div style="LINE-HEIGHT:25px;">

<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>

<p>Charlie Miller (<a href="https://twitter.com/0xcharlie">@0xcharlie</a>)</p>

</div>