Docs: Remove security@android.com and replace with bug queue where applicable
Bug: 21730350
Change-Id: Idab7405bfb723353b2dd66d4de7d65b8ca0bc673
diff --git a/src/security/implement.jd b/src/security/implement.jd
index 2a7c890..bb189e1 100644
--- a/src/security/implement.jd
+++ b/src/security/implement.jd
@@ -141,7 +141,10 @@
it.</li>
<li>If you become aware of a security issue affecting Android OS or Android
devices from multiple OEMs, you <strong>should</strong> contact the Android
-Security Team at <em>security@android.com</em>.</li>
+Security Team with a bug filed through the AOSP bug tracker <a
+href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">Security
+bug report</a> template.</p>
+.</li>
</ol>
<h2 id="prod-implement">Product implementation</h2>
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index 13b4f68..6efa170 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -26,9 +26,11 @@
<p>The Android Security Team would like to thank the following people and
parties for helping to improve Android security. They have done this either by
-finding and responsibly reporting security vulnerabilities to <a
-href="mailto:security@android.com">security@android.com</a> or by committing code
-that has a positive impact on Android security, including code that qualifies
+finding and responsibly reporting security vulnerabilities through the AOSP bug
+tracker <a
+href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">Security
+bug report</a> template or by committing code that has a positive
+impact on Android security, including code that qualifies
for the <a href="https://www.google.com/about/appsecurity/patch-rewards/">Patch
Rewards</a> program.</p>
@@ -332,7 +334,3 @@
<p>Charlie Miller (<a href="https://twitter.com/0xcharlie">@0xcharlie</a>)</p>
</div>
-
-<br>
-<p><small>If you have reported a vulnerability prior to 2014 and want to be
-included on this list, or to report a vulnerability in Android, contact <a href="mailto:security@android.com">security@android.com</a></small></p>
diff --git a/src/security/overview/updates-resources.jd b/src/security/overview/updates-resources.jd
index 8c8d047..5bd893e 100644
--- a/src/security/overview/updates-resources.jd
+++ b/src/security/overview/updates-resources.jd
@@ -31,9 +31,10 @@
<p>The Android security team finds security vulnerabilities through internal
research and also responds to bugs reported by third parties. Sources of
-external bugs include issues reported through the <a
-href="https://code.google.com/p/android/issues/list">Android Open Source
-Project (AOSP) bug tracker</a>, published and pre-published academic research,
+external bugs include issues reported through the Android Open Source
+Project (AOSP) <a
+href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">Security
+bug report</a> template, published and pre-published academic research,
upstream open source project maintainers, notifications from our device
manufacturer partners, and publicly disclosed issues posted on blogs or social
media.</p>
@@ -51,13 +52,6 @@
security issue, please attach it to the bug report and wait for a response
before uploading the code to AOSP.</p>
-<p>If you need to reach the Android security team for a purpose other than
-reporting a vulnerability, please contact <a
-href="mailto:security@android.com">security@android.com</a>. The Android
-security team has a <a
-href="https://developer.android.com/security_at_android_dot_com.txt">PGP
-key</a> if you need to encrypt your message.</p>
-
<h2 id=triaging_bugs>Triaging bugs</h2>
<p>The first task in handling a security vulnerability is to identify the severity
@@ -245,13 +239,9 @@
<p>Information for Android application developers: <a
href="https://developer.android.com">https://developer.android.com</a></p>
-<p>The Android security team can be reached at <a
-href="mailto:security@android.com">security@android.com</a>. Our PGP key: <a
-href="https://developer.android.com/security_at_android_dot_com.txt">https://developer.android.com/security_at_android_dot_com.txt</a></p>
-
<p>Security information exists throughout the Android Open Source and Developer
sites. Good places to start:<br>
-<a href="http://source.android.com/security/index.html">{@docRoot}security/index.html</a><br>
+<a href="https://source.android.com/security/index.html">https://source.android.com/security/index.html</a><br>
<a href="https://developer.android.com/training/articles/security-tips.html">https://developer.android.com/training/articles/security-tips.html</a></p>
<p>Community resource for discussion about Android security: <a
diff --git a/src/security/selinux/index.jd b/src/security/selinux/index.jd
index 3553bc7..8745f8e 100644
--- a/src/security/selinux/index.jd
+++ b/src/security/selinux/index.jd
@@ -98,8 +98,3 @@
<p><a href="https://www.nsa.gov/research/_files/publications/selinux_configuring_policy.pdf">https://www.nsa.gov/research/_files/publications/selinux_configuring_policy.pdf</a></p>
<p><a href="https://www.gnu.org/software/m4/manual/index.html">https://www.gnu.org/software/m4/manual/index.html</a></p>
-
-<h2 id=help>Help</h2>
-
-<p>Over time, Android intends to support common manufacturer additions in its
-default SELinux policy. For more information, contact <a href="mailto:security@android.com">security@android.com</a>.</p>
diff --git a/src/security/verifiedboot/index.jd b/src/security/verifiedboot/index.jd
index d254074..05c034f 100644
--- a/src/security/verifiedboot/index.jd
+++ b/src/security/verifiedboot/index.jd
@@ -88,6 +88,3 @@
Chromium Projects - Verified Boot</a><br/>
<a
href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/device-mapper/verity.txt">Linux Kernel Documentation: verity.txt</a></p>
-
-<p>For additional assistance, contact
-<a href="mailto:security@android.com">security@android.com</a>.</p>
\ No newline at end of file
diff --git a/src/source/report-bugs.jd b/src/source/report-bugs.jd
index 3b65e8f..aca8e43 100644
--- a/src/source/report-bugs.jd
+++ b/src/source/report-bugs.jd
@@ -27,14 +27,15 @@
<p>Thank you for your interest in Android! One of the best ways you can help us
improve Android is to let us know about any problems you find with it.</p>
<h2 id="report-issues">Report Issues</h2>
-<p class="note"><strong>Note:</strong> For security vulnerabilities, please see
-<a href="{@docRoot}security/overview/updates-resources.html#reporting-security-issues">Reporting Security Issues</a>. If you think you've found
-a security vulnerability, <em>please don't use the forms below</em>. Using a public form may
-allow anyone to see your report, which may put users at risk until the bug is
-fixed. Instead, please send an email detailing the issue to security@android.com.</p>
+<p class="note"><strong>Note:</strong> For security vulnerabilities, please use
+the AOSP bug tracker <a
+href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">Security
+bug report</a> template. See <a
+href="{@docRoot}security/overview/updates-resources.html#report-issues">Reporting
+Security Issues</a> for additional details.</p>
<p>Here's how to report <strong>non-security</strong> bugs:</p>
<ul>
-<li>
+<li>
<p><a href="https://code.google.com/p/android/issues/advsearch">Search for
your bug</a> to see if anyone has already reported it. Don't forget to
search for all issues, not just open ones, as your issue might already
