Rony Das, a cyber security expert, who hails from Lower Assam’s Bongaigaon district, has reported a bug in the Android Foreground Services which could be exploited by someone to hack into user data.
Das created a software after he had faced some technical problems on his mobile phone. He was trying to solve the issue which led him to the discovery of this particular vulnerability.
Das reported it to Google in May, 2021, and since then he has been exchanging information on it.
After almost six months, Google rewarded him $5000 USD for reporting the bug.
“As a recognition of your efforts, we would like to offer you a discretionary reward of $5000. Please note that this is a one-time exception to our normal procedures as a thank you for the high-quality submission and follow-up information you provided,” said an email from Google Android Security Team to Das.
Das said that the vulnerability could run background processes in Android without being detected by users.
He also said that the bug he found defeats the purpose of having Android Foreground Services.
His exploit bypasses this process and is able to access the hardware such as camera, microphone and location from the background without letting the user know or notifying anything.
Das further added that the bug has been fixed in the upcoming Android versions.