The new program is called Android Security Rewards, and was announced today at the Black Hat’s Mobile Security Summit in London. Generally, the program aims to address serious security-related issues, rewarding those who uncover vulnerabilities of critical, high, and moderate severity, though Google notes that it will reward certain patches for low-severity vulnerabilities on a case-by-case basis.
As the Android Security Rewards program only concerns the Android Open Source Project (AOSP), the program only covers vulnerabilities found “in the latest available
That’s a fairly small list, but those who find and fix vulnerabilities for either device do stand to make a fairly tidy sum for their time. The rewards start at $500 for simply finding and reporting a moderate-severity vulnerability. Finding and fixing a bug of critical severity, on the other hand, could get you $8,000, assuming the fix is accepted. Rewards for uncovering certain exploits can gain those who find them up to an extra $30,000.
Since Google began offering rewards for bug fixes in 2010 the company has paid out more than $4 million. Last year alone the company paid out $1.4 million to over 200 researchers. Considering Android’s popularity among developers, this number will likely grow significantly with the introduction of the
If you’re a developer or security expert, or are simply interested in learning more about the program, head over to Google’s Android Security Rewards page for more information.
Editors' Recommendations
- Google just released the first Android 15 beta. Here’s what’s new
- Google just announced Android 15. Here’s everything that’s new
- You should pay attention to TCL’s two new Android tablets
- There’s a big problem with Samsung’s new Android tablets
- Your Google One plan just got 2 big security updates to keep you safe online
