Jun 16th, 2016

Android has been plagued with bugs for quite some time, and although the Android team is huge, there are still ways to help the team create a better version of Android for everyone.

Google introduced the Android Security Rewards program last year, and it has offered up to $38,000 per report used to fix vulnerabilities.

Here are the amounts Google paid out in Android’s Security Rewards Program:

  • We paid over $550,000 to 82 individuals. That’s an average of $2,200 per reward and $6,700 per researcher.
  • We paid our top researcher, @heisecode, $75,750 for 26 vulnerability reports.
  • We paid 15 researchers $10,000 or more.
  • There were no payouts for the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.

On top of already paying so much out to various researchers, Google has tons more planned for reporters starting June 1st.

  • We will now pay 33% more for a high-quality vulnerability report with proof of concept. For example, the reward for a Critical vulnerability report with a proof of concept increased from $3000 to $4000.
  • A high-quality vulnerability report with a proof of concept, a CTS Test, or a patch will receive an additional 50% more.
  • We’re raising our rewards for a remote or proximal kernel exploit from $20,000 to $30,000.
  • A remote exploit chain or exploits leading to TrustZone or Verified Boot compromise increase from $30,000 to $50,000.

There’s a whole lot of money on the table for those who want to help turn Android into a better, safer mobile platform. So if you’re able to, you might want to check out Google’s Vulnerability Rewards Program.

[via Google Security Blog]