Samsung has announced a new bug bounty programme for its mobile devices. The goal seems to be to enhance security for Samsung’s smartphones and tablets. Payouts can go up to $200,000 depending on the severity of the exploit, although there are quite a few requirements to meet before being able to collect on the bounty.
This bug bounty programme only covers Samsung mobile devices currently receiving monthly and quarterly security updates. That’s still 38 different smartphones and tablets, although it also only covers devices from 2016 and later. The programme also includes Samsung Mobile Services, including Bixby, Samsung Account, Samsung Pay and Samsung Pass.
Samsung is also not paying out any money for exploits that would be extremely difficult to pull off in the real world. These include exploits that require connecting the phone to a device with developer-level access, or that need an extremely complex scenario to pull off. Curiously, it also disqualifies any exploit that’s also covered by other bug bounty programmes (like those from Google or Qualcomm).
It looks like Samsung is taking a very narrow focus with its bug bounty, looking mainly into securing its own homegrown services and leaving third parties to deal with fixing their own products.