Project Zero Prize Frequently Asked Questions


Q: What version of Android software must my entry work on?


Entries must work on two devices, the Nexus 6P and the Nexus 5X. Any Android Nougat (7.x) build that is available on up-to-date devices for the duration of the contest (i.e. all Android Nougat OTA builds) are eligible. These builds can be found on the OTA Images for Nexus Devices page. Participants may select any Android Nougat (7.x) build to demonstrate their entry on for each device.


Q: I’ve found part of a bug chain, but I haven’t finished it yet. What should I do?


You should report the bug(s) through the Android Bug Tracker using the “Project Zero Prize” template immediately. All bugs in an entry must be reported through this form before the entry is submitted, and entrants are allowed to use bugs they reported earlier in the contest as a part of an entry anytime during the contest, and they may demonstrate their entry on any eligible version of the Android software released during the contest period that the bugs are unpatched on (note that the entire bug chain must work on a single build).

This FAQ will be updated as we receive questions

8 comments:

  1. I didn't find a bug, but I did find a typo.

    "... participants who submit a winning entry WITH be invited..."
    will*

    I'll settle for a $200 reward. :P

    ReplyDelete
  2. What do I do after I broke into a nexus?

    ReplyDelete
  3. "Instead of saving up bugs until there’s an entire bug chain, and then submitting it to the Project Zero Prize, participants are asked to report the bugs in the Android issue tracker."
    "Entries should be sent to project-zero-prize@google.com. Once an entry is deemed complete and eligible, we will arrange a time with the participant to demonstrate their exploit on live devices"
    See this link: https://googleprojectzero.blogspot.cl/p/project-zero-security-contest-official.html?m=1

    ReplyDelete
  4. "Entries where the user must open an email in Gmail, or open an SMS in Messenger are eligible, otherwise no user interaction is allowed."

    This means the user cannot download an attachment or install any APK's

    ReplyDelete