An alternative would be to go show a bunch of journalists that you can unlock their phone and have this all over the news. You get your name /really/ out there for holding Google accountable for security negligence and ignoring a very reasonable 90 day window. The exposure could lead to millions in security consulting contract work over time if played right.
Disclosing on time is a way to force companies to fix the bugs, and to get a major social capital boost that can be used to get a return on the time investment.
Personally I love when companies try to call my bluff. Great chance to educate the public on why they should not be trusted.
Disclosing on time is a way to force companies to fix the bugs, and to get a major social capital boost that can be used to get a return on the time investment.
Personally I love when companies try to call my bluff. Great chance to educate the public on why they should not be trusted.