by gonmad 2492 days ago
Only 12 hours between an email and the account termination, with no real interaction and no way to change what seems not to be a serious problem.

That would change the time gap during responsible disclosure; Alphabet/Google is changing its metrics. I mean, why would only small developers have to be mistreated?

If they play it that way, the Android developer community can also report platform bugs to them - and go full disclosure (report the bug publicly) within 12 hours.

2 comments

12:34 - I have found a security vulnerability

12:47 - I noticed you haven’t fixed it yet, if you don’t do it soon I’ll go public

14:13 - I noticed you still haven’t fixed it, please hurry, if you don’t do it soon I’ll go public

14:15 - I noticed you haven’t fixed the bug yet, if you don’t do it soon I’ll go public

16:55 - Since you still haven’t fixed this, I’ve made this public on my blog. Enjoy the consequences!

Based on the article, even if Google replied you'd still be in line to disclose regardless. This poor developer's appeals were rejected; I'm not convinced a human ever read them on the way down.

'Make game of that which makes as much of thee' is some ancient wisdom. This sort of behavior by Google certainly does justify providing no more than a 12 hour window to Google to fix problems under responsible disclosure. Many in the industry are unhappy with Google only giving companies 90 days with Project Zero as they feel that large corporations should be given preferential and deferential treatment (they are people after all), but when it comes to app developers 12 hours is acceptable? I think not. Those who wish to set the rules must be willing to play by the same.