Guang Gong keeps disclosing many remote Chromium/Android zero click vulns, every year, which could've earned him millions on zerodium, and even more if put to real use.<p>Deserves respect at least.
"We can offer a few additional recommendations:
Transparency and openness:
(...) More generally, the competitive benefits of a closed platform approach to hardware internals should be reassessed in 2020. This balance may have been historically appropriate when the GPU was not in the critical path for security, but today billions of users are relying on the GPU to uphold the operating system security model. "<p>This.
At least the GPU stuff is getting some scrutiny.<p>Their modem code is a security nightmare and outside Qualcomms modem teams nobody is allowed to see it.
Next time Project Zero finds an iOS bug and people suggest it is a commercial hitjob, point them at this.<p>Qualcomm (and all Android vendors) look like they have been screwed by this. (To be clear - they are screwed because their processes are to slow to get security updates out).