Previously, Project Zero researchers investigated bugs on Google-made Nexus devices but now they turned to Samsung devices because the South Korean conglomerate is one of the biggest Android OEMs in the world. The eleven security flaws were found during a week-long competitive search:
The gave themselves a week to root out vulnerabilities, and to keep everyone sharp, the researchers made a contest out of it pitting the North American and European participants against each other.
Their efforts resulted in the discovery of 11 vulnerabilities, the "most interesting" of which was CVE-2015-7888. It's a directory traversal bug that allows a file to be written as a system. Project Zero said it was trivially exploitable, though it's also one of several that Samsung has since fixed.