Google takes the security of the Android universe a step further with the creation of the "Android Partner Vulnerability Initiative" program. Its goal is to detect and correct flaws in the codes of its partners: the overlays created by the manufacturers, the preinstalled applications, the firmware of hardware components, etc.
This work will be done by Google engineers and therefore does not fall under a "bug bounty", as it already exists for the Android system and for the apps in the Play Store.
Around ten flaws are already on Google's hunting chart. Examples: a data leak in ZTE's web browser; a backdoor in some ZTE models allowing any app to quietly install other apps; too much permissiveness in the automatic update service at Oppo; a flaw that allows a third-party application to recover a backup of the terminal from Huawei; etc. In the vast majority of cases, partners released fixes within 90 days.
Source : Google