I wouldn't recommend https://code.google.com/p/android/issues/. We can mark issues private, but I don't think reporters can on initial submission. The "Android Security FAQ" says to email secur...@android.com, see below for more.
-bri http://developer.android.com/guide/faq/security.html I think I found a security flaw. How do I report it? ________________________________ You can reach the Android security team at secur...@android.com. If you like, you can protect your message using our PGP key. We appreciate researchers practicing responsible disclosure by emailing us with a detailed summary of the issue and keeping the issue confidential while users are at risk. In return, we will make sure to keep the researcher informed of our progress in issuing a fix. On Tue, Aug 27, 2013 at 10:02 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Mon, Aug 19, 2013 at 12:50 PM, James <james.col...@gmail.com> wrote: >> Hi, >> I've written a proof of concept apk that manages to send data back to my >> server without the apk having the INTERNET permission. >> What is the correct way to disclose this vulnerability? Or is this already >> known? > https://code.google.com/p/android/issues/. I believe there's a > "security" checkbox that keeps it private until AOSP decides upon > disposition. > >> Or is this already known? > Now how are we supposed to be able to answer that without seeing the > bug or POC :) > > Jeff > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > To post to this group, send email to > android-security-discuss@googlegroups.com. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
