The Android Security Team would like to thank the following people and
parties for helping to improve Android security. They have done this either by
finding and responsibly reporting security vulnerabilities through the AOSP bug
tracker Security
bug report template or by committing code that has a positive
impact on Android security, including code that qualifies
for the Patch
Rewards program.
In 2018, the security acknowledgements are listed by month. In prior years,
acknowledgements were listed together.
| Researcher |
CVEs |
| ADlab of Venustech |
CVE-2017-0630 |
| Alexander Potapenko of Google Dynamic Tools team |
CVE-2017-0537 |
| Alexandru Blanda |
CVE-2017-0390 |
| Amir Cohen of Ben Gurion University Cyber Lab |
CVE-2017-0650 |
| Ao Wang (@ArayzSegment) of
Pangu Team |
CVE-2017-0691, CVE-2017-0700 |
| Aravind Machiry of Shellphish Grill Team, University of California, Santa
Barbara |
CVE-2017-0865 |
| Dr. Asaf Shabtai of Ben Gurion University Cyber Lab |
CVE-2017-0650 |
| Baozeng Ding (@sploving1) of
Alibaba Mobile Security Group |
CVE-2017-0463, CVE-2017-0506, CVE-2017-0711, CVE-2017-0741,
CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800,
CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9703, CVE-2017-9708,
CVE-2017-11000, CVE-2017-11059, CVE-2017-13170 |
| Ben Actis (@Ben_RA) |
CVE-2016-8461 |
| Ben Seri of Armis, Inc. |
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 |
| Billy Lau of Android Security |
CVE-2017-0335, CVE-2017-0336, CVE-2017-0338, CVE-2017-0460,
CVE-2017-8263, CVE-2017-9682, CVE-2017-13162 |
| Bo Liu of MS509Team |
CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645,
CVE-2017-0784, CVE-2017-11042 |
| Chao Yang of Alibaba Mobile Security Group |
CVE-2016-10280, CVE-2016-10281, CVE-2017-0565 |
| Chenfu Bao (包沉浮) of Baidu X-Lab (百度安全实验室) |
CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738,
CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693,
CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717,
CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057,
CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Chengming Yang of Alibaba Mobile Security Group |
CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506,
CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751,
CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0843,
CVE-2017-0864, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170 |
| Chenxiong Qian of Georgia Tech |
CVE-2017-0860 |
| Chi Zhang of
C0RE Team |
CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0765,
CVE-2017-0836, CVE-2017-0857, CVE-2017-0880, CVE-2017-13166 |
| Chiachih Wu (@chiachih_wu)
of C0RE Team |
CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431,
CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8480, CVE-2016-8481,
CVE-2016-8482, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398,
CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0428, CVE-2017-0429,
CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448 |
| Chong Wang of Chengdu Security
Response Center, Qihoo 360 Technology Co. Ltd. |
CVE-2017-0758 |
| Cong Zheng (@shellcong) of
Palo Alto Networks |
CVE-2017-0752 |
| Constantinos Patsakis of University of Piraeus |
CVE-2017-0807 |
| Cusas (华为公司的cusas) |
CVE-2017-0870 |
| Dacheng Shao of
C0RE Team |
CVE-2017-0483, CVE-2017-0739, CVE-2017-0769, CVE-2017-0801 |
| Daniel Dakhno |
CVE-2017-0420 |
| Daniel Micay of Copperhead Security |
CVE-2017-0397, CVE-2017-0405, CVE-2017-0410, CVE-2017-0826, CVE-2017-13160 |
| Daxing Guo (@freener0) of
Xuanwu Lab, Tencent |
CVE-2017-0386, CVE-2017-0553, CVE-2017-0585, CVE-2017-0706 |
| derrek
(@derrekr6) |
CVE-2016-8413, CVE-2016-8477, CVE-2017-0392, CVE-2017-0521,
CVE-2017-0531, CVE-2017-0576, CVE-2017-8260 |
| Di Shen (@returnsme) of
KeenLab (@keen_lab), Tencent |
CVE-2016-8412, CVE-2016-8427, CVE-2016-8444, CVE-2016-10287,
CVE-2017-0334, CVE-2017-0403, CVE-2017-0427, CVE-2017-0456, CVE-2017-0457,
CVE-2017-0525, CVE-2017-8265 |
| donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara |
CVE-2016-5349, CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472 |
| Dzmitry Lukyanenka |
CVE-2017-0414, CVE-2017-0703, CVE-2017-0808, CVE-2017-13157,
CVE-2017-13158, CVE-2017-13159 |
| Ecular Xu (徐健) of Trend Micro |
CVE-2017-0599, CVE-2017-0635, CVE-2017-0641, CVE-2017-0643, CVE-2017-0859 |
| Efthimios Alepis of University of Piraeus |
CVE-2017-0807 |
| Elphet of Alpha Team, Qihoo 360 Technology Co. Ltd. |
CVE-2017-0692, CVE-2017-0694, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775 |
| En He (@heeeeen4x) of
MS509Team |
CVE-2017-0394, CVE-2017-0490, CVE-2017-0601, CVE-2017-0639,
CVE-2017-0645, CVE-2017-0784, CVE-2017-11042 |
| Eric Lafortune of
GuardSquare |
CVE-2017-13156 |
| Ethan Yonker of Team Win Recovery Project |
CVE-2017-0493 |
| Fang Chen of Sony Mobile Communications Inc. |
CVE-2017-0481 |
| Frank Liberato of Chrome |
CVE-2017-0409 |
| Gal Beniamini of Project Zero |
CVE-2017-0411, CVE-2017-0412, CVE-2017-0561, CVE-2017-0569
CVE-2017-0570, CVE-2017-0571, CVE-2017-0572 |
| Gengjia Chen
(@chengjia4574) of IceSword Lab,
Qihoo 360 Technology Co. Ltd. |
CVE-2016-8464, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290,
CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332,
CVE-2017-0432, CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0500,
CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0509, CVE-2017-0524,
CVE-2017-0529, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573, CVE-2017-0581,
CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649, CVE-2017-0744,
CVE-2017-6426, CVE-2017-8243, CVE-2017-8244, CVE-2017-8266, CVE-2017-8270,
CVE-2017-9691, CVE-2017-10997 |
| Godzheng (郑文选 @VirtualSeekers) of Tencent PC
Manager |
CVE-2017-0602, CVE-2017-0646 |
| Google WebM Team |
CVE-2017-0393 |
| Gregory Vishnepolsky of Armis, Inc. |
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 |
| Guang Gong (龚广) (@oldfresher)
of Alpha Team, Qihoo 360 Technology Co. Ltd. |
CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421,
CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465,
CVE-2016-8476, CVE-2016-10283, CVE-2017-0387, CVE-2017-0415, CVE-2017-0437,
CVE-2017-0438, CVE-2017-0439, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443,
CVE-2017-0453, CVE-2017-0454, CVE-2017-0461, CVE-2017-0464, CVE-2017-0547,
CVE-2017-0567, CVE-2017-0574, CVE-2017-0575, CVE-2017-0577, CVE-2017-0580,
CVE-2017-0584, CVE-2017-0692, CVE-2017-0694, CVE-2017-0727, CVE-2017-0748,
CVE-2017-0771, CVE-2017-0774, CVE-2017-0775, CVE-2017-0786, CVE-2017-0787,
CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791, CVE-2017-0792,
CVE-2017-0825, CVE-2017-6424, CVE-2017-14904 |
| Guangdong Bai of Singapore Institute of Technology (SIT) |
CVE-2017-0496 |
|
Güliz Seray
Tuncay of the University of
Illinois at Urbana-Champaign |
CVE-2017-0593 |
| Guo Haoran of King Team |
CVE-2017-13172 |
| Hanxiang Wen of
C0RE Team |
CVE-2017-0400, CVE-2017-0418, CVE-2017-0479, CVE-2017-0480,
CVE-2017-0665, CVE-2017-0681, CVE-2017-0737, CVE-2017-14904 |
| Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd. |
CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421,
CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465,
CVE-2016-8476, CVE-2016-10283, CVE-2017-0437, CVE-2017-0438, CVE-2017-0439,
CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2017-0453, CVE-2017-0454,
CVE-2017-0461, CVE-2017-0464, CVE-2017-0567, CVE-2017-0574, CVE-2017-0575,
CVE-2017-0577, CVE-2017-0580, CVE-2017-0584, CVE-2017-0748, CVE-2017-0786,
CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791,
CVE-2017-0792, CVE-2017-0825, CVE-2017-6424 |
| Hao Qin of Security Research Lab, Cheetah Mobile |
CVE-2017-11056 |
| Hiroki Yamamoto of Sony Mobile Communications Inc. |
CVE-2017-0481 |
| Hongli Han
(@HexB1n) of
C0RE Team |
CVE-2017-0384, CVE-2017-0385, CVE-2017-0731, CVE-2017-0739,
CVE-2017-13154, CVE-2017-6276 |
| hujianfei of Qihoo360 Qex Team |
CVE-2017-0753 |
| Ian Foster (@lanrat) |
CVE-2017-0554 |
| Jack Tang of Trend Micro Inc. |
CVE-2017-0579, CVE-2017-9706 |
| Jake Corina of Shellphish Grill Team |
CVE-2017-0636, CVE-2017-0802 |
| Jason Gu of Trend Micro |
CVE-2017-0780 |
| Jeff Sharkey of Google |
CVE-2017-0421, CVE-2017-0423 |
| Jeff Trim |
CVE-2017-0422 |
| Jeremy Huang
(@bittorrent3389)
of King Team |
CVE-2017-13172 |
| Jianjun Dai (@Jioun_dai) of
Qihoo 360 Skyeye Labs |
CVE-2017-0478, CVE-2017-0541, CVE-2017-0559 |
| Jianqiang Zhao (@jianqiangzhao)
of IceSword Lab, Qihoo 360 |
CVE-2016-5346, CVE-2016-8416, CVE-2016-8475, CVE-2016-8478,
CVE-2017-0445, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519,
CVE-2017-0533, CVE-2017-0534, CVE-2017-0862, CVE-2017-6425, CVE-2017-8233,
CVE-2017-8261, CVE-2017-8268, CVE-2017-9718, CVE-2017-1000380 |
| Joey Brand of Census Consulting Inc. |
CVE-2017-0698 |
| Jon Sawyer (@jcase) |
CVE-2016-8461, CVE-2016-8462 |
|
Jose Martinez |
CVE-2017-0841 |
| Juhu Nie of Xiaomi Inc. |
CVE-2016-10276 |
| Jun Cheng of Alibaba Inc. |
CVE-2017-0404 |
| Justin Paupore of Google |
CVE-2017-0831 |
| Kevin Deus of Google |
CVE-2017-11052, CVE-2017-11054, CVE-2017-11055, CVE-2017-11062 |
| Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) |
CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738,
CVE-2017-0766, CVE-2017-0794 CVE-2017-9681, CVE-2017-9684, CVE-2017-9693,
CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717,
CVE-2017-9720, CVE-2017-10999, CVE-2017-11001, CVE-2017-11057,
CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Liyadong of Qex Team, Qihoo 360 |
CVE-2017-0647 |
| Lorenzo Nicolodi |
CVE-2017-13165 |
| Lubo Zhang of
C0RE Team |
CVE-2016-8479, CVE-2017-0564, CVE-2017-7368 |
| ma.la of LINE Corporation |
CVE-2016-5552 |
| Makoto Onuki of Google |
CVE-2017-0491 |
| Marco Bartoli (@wsxarcher) |
CVE-2017-0712 |
| Mark Salyzyn of Google |
CVE-2017-0558 |
| Max Spector of Google |
CVE-2017-0416 |
| Michael Goberman of IBM Security X-Force |
CVE-2016-8467 |
| Michal Bednarski |
CVE-2017-0598, CVE-2017-0806, CVE-2017-0871 |
| Mike Anderson (@manderbot) of
Tesla Motors Product Security Team |
CVE-2017-0327, CVE-2017-0328 |
| Mingjian Zhou (@Mingjian_Zhou) of
C0RE Team |
CVE-2017-0383, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425,
CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0665,
CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0731, CVE-2017-0737,
CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779,
CVE-2017-0801, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816, CVE-2017-0836,
CVE-2017-0837, CVE-2017-0840, CVE-2017-0857, CVE-2017-8080, CVE-2017-6276,
CVE-2017-13152, CVE-2017-13154, CVE-2017-13166, CVE-2017-13169, CVE-2017-14904 |
| Monk Avel |
CVE-2017-0396, CVE-2017-0399 |
| Nan Li of Xiaomi Inc. |
CVE-2016-10276 |
| Nathan Crandall (@natecray) |
CVE-2017-0535 |
| Nathan Crandall (@natecray) of
Tesla Motors Product Security Team |
CVE-2017-0306, CVE-2017-0327, CVE-2017-0328, CVE-2017-0331,
CVE-2017-0606, CVE-2017-8242, CVE-2017-9679 |
| Nick Stephens of Shellphish Grill Team |
CVE-2017-0636, CVE-2017-0802 |
| Nikolay Elenkov of LINE Corporation |
CVE-2016-5552 |
| Niky1235
(@jiych_guru) |
CVE-2017-0603, CVE-2017-0670, CVE-2017-0697, CVE-2017-0726, CVE-2017-0818 |
| Ning You of Alibaba Mobile Security Group |
CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0565 |
| Nitay Artenstein of Exodus Intelligence |
CVE-2017-9417 |
| Omer Shwartz of Ben Gurion University Cyber Lab |
CVE-2017-0650 |
| Peide Zhang of Vulpecker Team, Qihoo 360 Technology Co. Ltd. |
CVE-2017-0618, CVE-2017-0625 |
| Peng Xiao of Alibaba Mobile Security Group |
CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506,
CVE-2017-0565, CVE-2017-0842 |
| Pengfei Ding (丁鹏飞) of Baidu X-Lab (百度安全实验室) |
CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738,
CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693,
CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717,
CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057,
CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Peter Pi of Tencent Security Platform Department |
CVE-2017-11046, CVE-2017-11091 |
| Peter Pi (@heisecode) of
Trend Micro |
CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, CVE-2016-8460,
CVE-2016-8469, CVE-2016-8473, CVE-2016-8474 |
| pjf of IceSword Lab, Qihoo 360
Technology Co. Ltd. |
CVE-2016-5346, CVE-2016-8416, CVE-2016-8464, CVE-2016-8475,
CVE-2016-8478, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294,
CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, CVE-2017-0432,
CVE-2017-0434, CVE-2017-0445, CVE-2017-0446, CVE-2017-0447, CVE-2017-0458,
CVE-2017-0459, CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503,
CVE-2017-0509, CVE-2017-0518, CVE-2017-0519, CVE-2017-0524, CVE-2017-0529,
CVE-2017-0533, CVE-2017-0534, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573,
CVE-2017-0581, CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649,
CVE-2017-0744, CVE-2017-0862, CVE-2017-6425, CVE-2017-6426, CVE-2017-8233,
CVE-2017-8243, CVE-2017-8244, CVE-2017-8261, CVE-2017-8266, CVE-2017-8268,
CVE-2017-8270, CVE-2017-9691, CVE-2017-9718, CVE-2017-10997, CVE-2017-1000380 |
| Qidan He (何淇丹) (@flanker_hqd)
of KeenLab, Tencent (腾讯科恩实验室) |
CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427,
CVE-2017-0476, CVE-2017-0544, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167,
CVE-2017-13324, CVE-2017-15868 |
| Qing Zhang of Qihoo 360 |
CVE-2017-0496 |
| Qiwu Huang of Xiaomi Inc. |
CVE-2016-10276 |
| Quhe of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) |
CVE-2017-0522 |
| Roee Hay (@roeehay) of Aleph
Research, HCL Technologies |
CVE-2016-10277, CVE-2017-0563, CVE-2017-0582, CVE-2017-0648, CVE-2017-0829,
CVE-2017-13174 |
| Roee Hay of IBM Security X-Force Research |
CVE-2016-8467, CVE-2017-0510 |
| Sagi Kedmi of IBM Security X-Force Research |
CVE-2017-0433, CVE-2017-0510 |
| Sahara of Secure
Communications in DarkMatter |
CVE-2017-0528 |
| salls (@chris_salls) of
Shellphish Grill Team, UC Santa Barbara |
CVE-2017-0505, CVE-2017-13168 |
| Scott Bauer
(@ScottyBauer1) |
CVE-2016-10274, CVE-2017-0339, CVE-2017-0405, CVE-2017-0504,
CVE-2017-0516, CVE-2017-0521, CVE-2017-0562, CVE-2017-0576, CVE-2017-0705, CVE-2017-0740,
CVE-2017-8259, CVE-2017-8260, CVE-2017-9680, CVE-2017-11053, CVE-2017-13160 |
| Sean Beaupre (@firewaterdevs) |
CVE-2016-8461, CVE-2016-8462, CVE-2017-0455 |
| Seven Shen (@lingtongshen)
of Trend Micro Mobile Threat Research Team |
CVE-2016-8418, CVE-2016-8466, CVE-2016-10231, CVE-2017-0449,
CVE-2017-0452, CVE-2017-0578, CVE-2017-0586, CVE-2017-0724, CVE-2017-0772,
CVE-2017-0780, CVE-2017-6247, CVE-2017-6248, CVE-2017-6249, CVE-2017-7369 |
| Shinichi Matsumoto of Fujitsu |
CVE-2017-0498 |
| Simon Chung of Georgia Tech |
CVE-2017-0860 |
| Stéphane Marques of
ByteRev |
CVE-2017-0489 |
| Stephen Morrow |
CVE-2017-0389 |
| Svetoslav Ganov of Google |
CVE-2017-0492 |
| Tim Becker |
CVE-2017-0546 |
| Timothy Becker of CSS Inc. |
CVE-2017-0667, CVE-2017-0732, CVE-2017-0805 |
| Tong Lin of
C0RE Team |
CVE-2016-8425, CVE-2016-8426, CVE-2016-8449, CVE-2016-8479,
CVE-2016-8481, CVE-2016-10291, CVE-2017-0333, CVE-2017-0428, CVE-2017-0435,
CVE-2017-0436, CVE-2017-10661 |
| Uma Sankar Pradhan
(@umasankar_iitd) |
CVE-2017-0560 |
| Valerio Costamagna (@vaio_co) |
CVE-2017-0712 |
| Vasily Vasiliev |
CVE-2017-0589, CVE-2017-0637, CVE-2017-0638, CVE-2017-0642,
CVE-2017-0675, CVE-2017-0676, CVE-2017-0682, CVE-2017-0683, CVE-2017-0696,
CVE-2017-0699, CVE-2017-0701, CVE-2017-0702, CVE-2017-0716, CVE-2017-0757 |
| V.E.O (@VYSEa) of Mobile Threat
Research Team, Trend Micro |
CVE-2017-0381, CVE-2017-0424, CVE-2017-0466, CVE-2017-0467,
CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472,
CVE-2017-0473, CVE-2017-0482, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486,
CVE-2017-0487, CVE-2017-0494, CVE-2017-0495, CVE-2017-0538, CVE-2017-0539,
CVE-2017-0540, CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0587,
CVE-2017-0590, CVE-2017-0600, CVE-2017-0640, CVE-2017-0674, CVE-2017-0677,
CVE-2017-0679, CVE-2017-0680, CVE-2017-0685, CVE-2017-0686, CVE-2017-0689,
CVE-2017-0693, CVE-2017-0695, CVE-2017-0713, CVE-2017-0715, CVE-2017-0750,
CVE-2017-10662, CVE-2017-10663 |
| wanchouchou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) |
CVE-2017-0522 |
| Weichao Sun (@sunblate) of
Alibaba Inc. |
CVE-2017-0391, CVE-2017-0407, CVE-2017-0549, CVE-2017-0759 |
| Wenjun Hu of Palo Alto Networks |
CVE-2017-0752 |
| Wenke Lee of Georgia Tech |
CVE-2017-0860 |
| Wenke Dou of
C0RE Team |
CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400,
CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0450,
CVE-2017-0483, CVE-2017-0768, CVE-2017-0779, CVE-2017-0812, CVE-2017-0815,
CVE-2017-0816 |
| Wenlin Yang (@wenlin_yang)
of Alpha Team, Qihoo 360 Technology Co. Ltd. |
CVE-2017-0577, CVE-2017-0580 |
| Wish Wu (@wish_wu)
(吴潍浠 此彼)
of Ant-financial Light-Year Security Lab |
CVE-2017-0408, CVE-2017-0477, CVE-2017-11063, CVE-2017-11092 |
| Wolfu (付敬贵) of Tencent Security Platform Department |
CVE-2017-0863, CVE-2017-11050, CVE-2017-11051, CVE-2017-11067,
CVE-2017-11073, CVE-2017-11093 |
| Xiangqian Zhang of Alibaba Mobile Security Group |
CVE-2017-0796, CVE-2017-0827 |
| Xiao Zhang of Palo Alto Networks |
CVE-2017-0752 |
| Xiaodong Wang of
C0RE Team |
CVE-2017-0429, CVE-2017-0448 |
| Xiling Gong of Tencent Security Platform Department |
CVE-2017-0597, CVE-2017-0708, CVE-2017-8236, CVE-2017-9690 |
| Xingyuan Lin of 360 Marvel Team |
CVE-2017-0627, CVE-2017-13163 |
| Xuxian Jiang of C0RE Team |
CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431,
CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8479, CVE-2016-8480,
CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333,
CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400,
CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425,
CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444,
CVE-2017-0448, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483,
CVE-2017-0526, CVE-2017-0527, CVE-2017-0651, CVE-2017-0665, CVE-2017-0666,
CVE-2017-0681, CVE-2017-0684, CVE-2017-0709, CVE-2017-0731, CVE-2017-0737,
CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779,
CVE-2017-0801, CVE-2017-7368, CVE-2017-8264, CVE-2017-10661 |
| XTN |
CVE-2017-13165 |
| Yan Zhou of Eagleye team, SCC, Huawei |
CVE-2017-9678 |
| Yanfeng Wang of
C0RE Team |
CVE-2016-8430, CVE-2016-8482 |
| Yang Cheng of Xiaomi Inc. |
CVE-2016-10276 |
| Yang Dai of Vulpecker Team,
Qihoo 360 Technology Co. Ltd |
CVE-2017-0795, CVE-2017-0799, CVE-2017-0804, CVE-2017-0803,
CVE-2017-6262, CVE-2017-6263, CVE-2017-6280 |
| Yang Song of Alibaba Mobile Security Group |
CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506,
CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751,
CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0842,
CVE-2017-0843, CVE-2017-0864, CVE-2017-11000, CVE-2017-11059, CVE-2017-9703,
CVE-2017-9708, CVE-2017-13170 |
| Yanick Fratantonio (UC Santa Barbara, Shellphish Grill Team, EURECOM) |
CVE-2017-0860 |
| Yangkang (@dnpushme) of Qex
Team, Qihoo 360 |
CVE-2017-0647, CVE-2017-0690, CVE-2017-0753 |
| Yao Jun of
C0RE Team |
CVE-2016-8431, CVE-2016-8432, CVE-2016-8435, CVE-2016-8480 |
| Yaoguang Chen of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) |
CVE-2017-13171 |
| Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. |
CVE-2017-0404, CVE-2017-0588, CVE-2017-0842, CVE-2017-13164, CVE-2017-9708,
CVE-2017-13170 |
| Yonggang Guo (@guoygang) of
IceSword Lab, Qihoo 360 Technology Co. Ltd. |
CVE-2016-10289, CVE-2017-0465, CVE-2017-0564, CVE-2017-0746,
CVE-2017-0749, CVE-2017-7370, CVE-2017-8267, CVE-2017-8269, CVE-2017-8271,
CVE-2017-8272, CVE-2017-11048, CVE-2017-12146 |
| Yongke Wang of Tencent's Xuanwu
Lab |
CVE-2017-0729, CVE-2017-0767, CVE-2017-0839, CVE-2017-0848 |
| Dr. Yossi Oren of Ben Gurion University Cyber Lab |
CVE-2017-0650 |
| Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd |
CVE-2016-10282, CVE-2017-0517, CVE-2017-0532, CVE-2017-0615,
CVE-2017-0618, CVE-2017-0625, CVE-2017-0795, CVE-2017-0799, CVE-2017-0804,
CVE-2017-0803, CVE-2017-6262, CVE-2017-6263, CVE-2017-6280 |
| Yuan-Tsung Lo of C0RE Team |
CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431,
CVE-2016-8432, CVE-2016-8435, CVE-2016-8449, CVE-2016-8479, CVE-2016-8480,
CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333,
CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444,
CVE-2017-0448, CVE-2017-0526, CVE-2017-0527, CVE-2017-6264, CVE-2017-6274,
CVE-2017-6275, CVE-2017-0651, CVE-2017-0709, CVE-2017-0824, CVE-2017-7368,
CVE-2017-8264, CVE-2017-10661, CVE-2017-14903 |
| Yuebin Sun of Tencent's Xuanwu Lab |
CVE-2017-0767, CVE-2017-0839, CVE-2017-0848 |
| Yuqi Lu (@nikos233) of C0RE Team |
CVE-2017-0383, CVE-2017-0401, CVE-2017-0417, CVE-2017-0425, CVE-2017-0483 |
| Yuxiang Li (@Xbalien29) of
Tencent Security Platform Department |
CVE-2017-0395, CVE-2017-0669, CVE-2017-0704 |
| Zach Riggle (@ebeip90) of the
Android Security Team |
CVE-2017-0710 |
| Zhanpeng Zhao (行之) (@0xr0ot) of
Security Research Lab, Cheetah Mobile |
CVE-2016-8451 |
| Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology
Co. Ltd. |
CVE-2017-0758, CVE-2017-0760 |
| Zhen Zhou
(@henices) of
NSFocus |
CVE-2017-0406 |
| Zhi Xu of Palo Alto Networks |
CVE-2017-0752 |
| Zhixin Li of NSFocus |
CVE-2017-0406 |
| Zinuo Han from Chengdu Security
Response Center of Qihoo 360 Technology Co. Ltd. |
CVE-2017-0475, CVE-2017-0497, CVE-2017-0548, CVE-2017-0678,
CVE-2017-0691, CVE-2017-0700, CVE-2017-0714, CVE-2017-0718, CVE-2017-0719,
CVE-2017-0720, CVE-2017-0722, CVE-2017-0725, CVE-2017-0745, CVE-2017-0760,
CVE-2017-0761, CVE-2017-0764, CVE-2017-0776, CVE-2017-0777, CVE-2017-0778,
CVE-2017-0813, CVE-2017-0814, CVE-2017-0820, CVE-2017-0823, CVE-2017-0850,
CVE-2017-0858, CVE-2017-0879 |
| Zubin Mithra of Google |
CVE-2017-0462, CVE-2017-8241 |
We would also like to acknowledge the contributions of the following
individuals to Android security:
Abhishek Arya of Google Chrome Security Team
Adam Donenfeld et al. of Check Point Software Technologies Ltd.
Adam Powell of Google
Alex Chapman of Context Information Security
Altaf Shaik of Security in
Telecommunications
Andre Teixeira Rizzo
Andrea Biondo
Andrei Kapishnikov of Google
Andy Tyler (@ticarpi) of
e2e-assure
Anestis Bechtsoudis (@anestisb) of CENSUS S.A.
Ao Wang (@ArayzSegment) of
PKAV, Silence Information Technology
Askyshang of Security Platform Department, Tencent
Baozeng Ding of Alibaba Mobile Security Group
Ben Hawkes of Google Project Zero
Billy Lau of Android Security
Brad Ebinger of Google Telecom Team
Broadgate Team
Chad Brubaker of Android Security
Chao Yang of Alibaba Mobile Security Group
Chenfu Bao (包沉浮) of Baidu X-Lab
Chengming Yang of Alibaba Mobile Security Group
Chi Zhang of C0RE Team
Chiachih Wu (@chiachih_wu) of
C0RE Team from Qihoo 360
Christian Seel
Christopher Tate of Google
Constantinos Patsakis of University
of Piraeus
Cory Pruce of Carnegie Mellon University
Cristiano Giuffrida of Vrije Universiteit Amsterdam
Daniel Micay of Copperhead Security
David Benjamin of Google
David Riley of the Google Pixel C Team
Dawei Peng (Vinc3nt4H) of
Alibaba Mobile Security Team
Di Shen (@returnsme) of KeenLab
(@keen_lab), Tencent
Dianne Hackborn of Google
Dmitry Vyukov of Google Dynamic Tools team
Dominik Schürmann of Institute for
Operating Systems and Computer Networks, TU Braunschweig
Dongdong She of UC Riverside
Dongkwan Kim (dkay@kaist.ac.kr)
of System Security Lab, KAIST
dosomder
dragonltx of Alibaba mobile security team
DS
Dzmitry Lukyanenka (www.linkedin.com/in/dzima)
Ecular Xu (徐健) of Trend Micro
Efthimios Alepis of University of Piraeus
En He (@heeeeen4x) of MS509Team
Gal Beniamini (@laginimaineb,
http://bits-please.blogspot.com)
Gengjia Chen (@chengjia4574)
of Lab 0x031E, Qihoo 360 Technology Co. Ltd
Gengming Liu (刘耕铭) (@dmxcsnsbh)
of KeenLab, Tencent
George Piskas of
École polytechnique fédérale de Lausanne
Giovanni Vigna of University of California, Santa Barbara
Greg Kaiser of Google Android Team
Guang Gong (龚广) (@oldfresher)
of Qihoo 360 Technology Co. Ltd.
Hang Zhang of UC Riverside
Hanxiang Wen of C0RE Team
Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd.
Hao Qin of Security Research Lab, Cheetah Mobile
Herbert Bos of Vrije Universiteit Amsterdam
Hongil Kim (hongilk@kaist.ac.kr)
of System Security Lab, KAIST
Imre Rad of Search-Lab Ltd.
Iwo Banas
Jake Valletta of Mandiant, a FireEye company
James Forshaw of Google Project Zero
Jann Horn (https://thejh.net)
Jason Rogena
Jeremy C. Joslin of Google
jfang of KEEN lab, Tencent (@K33nTeam)
Jianqiang Zhao (@jianqiangzhao)
of IceSword Lab, Qihoo 360
Joshua Drake (@jduck)
Jouni Malinen PGP id EFC895FA
Kai Lu (@K3vinLuSec) of
Fortinet's FortiGuard Labs
Kandala Shivaram reddy
Kaveh Razavi of Vrije Universiteit Amsterdam
Kenny Root of Google
Lee Campbell of Google
Lubo Zhang of C0RE Team
Maciej Szawłowski of the Google Security Team
Madhu Priya Murugan of CISPA, Saarland University
Makoto Onuki of Google
Marco Grassi (@marcograss) of KeenLab
(@keen_lab), Tencent
Marco Nelissen of Google
Mark Brand of Google Project Zero
Mark Renouf of Google
Martin Barbella of Google Chrome Security Team
Martina Lindorfer of University of California, Santa Barbara
Max Spector of Google
MengLuo Gou (@idhyt3r) of Bottle Tech
Michał Bednarski (
github.com/michalbednarski)
Mike Maarse
Min Chong of Android Security
Mingjian Zhou (@Mingjian_Zhou)
of C0RE Team, Qihoo 360
Miriam Gershenson of Google
Nancy Wang of Vertu Corporation LTD
Nasim Zamir
Nathan Crandall (@natecray) of
Tesla Motors Product Security Team
Nico Golde (@iamnion) of
Qualcomm Product Security Initiative
Nightwatch Cybersecurity Research
(@nightwatchcyber)
Ning You of Alibaba Mobile Security Group
Oleksiy Vyalov of Google
Oliver Chang of Google Chrome Security Team
Paul Stone of Context Information Security
Peng Xiao of Alibaba Mobile Security Group
Pengfei Ding (丁鹏飞) of Baidu X-Lab
Peter Pi (@heisecode) of Trend Micro
pjf of IceSword Lab, Qihoo 360
Quan Nguyen of Google Information Security Engineer Team
Qianwei Hu (rayxcp@gmail.com) of
WooYun TangLab
Qidan He (@Flanker_hqd) of
KeenLab (@keen_lab), Tencent
Richard Shupak
Ricky Wai of Google
Robin Lee of Google
Roee Hay, IBM Security X-Force Researcher
Roeland Krak
Romain Trouvé of
MWR Labs
Ronald L. Loor Vargas (@loor_rlv)
of TEAM Lv51
Sagi Kedmi, IBM Security X-Force Researcher
Samuel Tan of Google
Santos Cordon of Google Telecom Team
Scott Bauer
(@ScottyBauer1)
Sen Nie (@nforest_) of KEEN lab,
Tencent (@K33nTeam)
Sergey Bobrov (@Black2Fan) of
Kaspersky Lab
Seven Shen (@lingtongshen)
of Trend Micro (www.trendmicro.com)
Sharvil Nanavati of Google
Shinjo Park (@ad_ili_rai) of
Security in Telecommunications
Stuart Henderson
Su Mon Kywe of Singapore Management University
Tao (Lenx) Wei (韦韬) of Baidu X-Lab
Thom Does
Tieyan Li of Huawei
Tim Strazzere (@timstrazz) of
SentinelOne / RedNaga
Tom Craig of Google X
Tom Rootjunky
Tong Lin of
C0RE Team
Tongxin Li of Peking University
trotmaster (@trotmaster99)
Vasily Vasilev
Victor Chang of Google
Victor van der Veen of Vrije Universiteit Amsterdam
Vignesh Venkatasubramanian of Google
Vishwath Mohan of Android Security
Wei Wei (@Danny__Wei) of Xuanwu LAB, Tencent
Weichao Sun (@sunblate) of Alibaba Inc
Wen Niu (@NWMonster) of KeenLab
(@keen_lab), Tencent
Wenke Dou of
C0RE Team
Wenlin Yang of Alpha Team, Qihoo 360 Technology Co. Ltd.
William Roberts (
william.c.roberts@intel.com)
Wish Wu (@wish_wu)
(吴潍浠) of
Mobile Threat Response Team, Trend Micro Inc.
Xiaodong Wang of
C0RE Team
Xiaofeng Wang of Indiana University Bloomington
Xiling Gong of Tencent Security Platform Department
Xingyu He (何星宇) (@Spid3r_)
of Alibaba Inc
Xinhui Han of Peking University
Xuxian Jiang of C0RE Team,
Qihoo 360
Yabin Cui from Android Bionic Team
Yacong Gu of TCA Lab, Institute of Software, Chinese Academy of Sciences
Yakov Shafranovich of
Nightwatch Cybersecurity
Yang Dong of Alibaba Mobile Security Group
Yang Song of Alibaba Mobile Security Group
Yanick Fratantonio of University of California, Santa Barbara
Yao Jun of
C0RE Team
Yeonjoon Lee of Indiana University Bloomington
Yi Zhang of Alibaba Mobile Security Group
Yingjiu Li of Singapore Management University
Yong Shi of Eagleye team, SCC, Huawei
Yong Wang (王勇) (@ThomasKing2014)
of Alibaba Inc.
Yongke Wang (@Rudykewang) of
Xuanwu LAB, Tencent
Yongzheng Wu of Huawei
Yuan-Tsung Lo (computernik@gmail.com)
of C0RE Team
Yulong Zhang of Baidu X-Lab
Yuru Shao of University of Michigan Ann Arbor
Yuxiang Li (@Xbalien29) of
Tencent Security Platform Department
Zach Riggle (@ebeip90) of the
Android Security Team
Zhanpeng Zhao (行之) (@0xr0ot) of
Security Research Lab, Cheetah Mobile
Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co.
Ltd.
Zhiyun Qian of UC Riverside
Zinuo Han of
PKAV, Silence Information Technology
Zubin Mithra of Google
