Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on June 16, 2015

Google launches Android security bug reward program with up to $38,000 payouts


Google launches Android security bug reward program with up to $38,000 payouts

Google’s paid out more than $ 4 million since 2010 across its various vulnerability disclosure programs. In 2014, it paid out $1.5 million alone. Today, the company is launching a new program focused specifically on Android.

Called Android Security Rewards, it will pay out a range of cash bonuses based on the type of vulnerability reported and the amount of work put in. Submitting a simple, reproducible bug description would net you roughly $2,000.

A researcher who finds a bug, produces a test case, produces a patch and produces an exploit for a remote critical issue could be receiving somewhere in the region of $38,000, which provides a pretty big lure to seek out weaknesses in the OS, Android’s head of security Adrian Ludwig explained to me.

It might seem backwards, but with this new program  and its Chrome Reward or Patch Reward (or any of its other security initiatives) Google is really hoping to pay out as much money as possible. More rewards mean more bugs found and eliminated, making for an overall more secure platform.

Another shift underway is the way in which Google will notify developers about potential vulnerabilities in apps on Google Play. Until now, it’s just been telling them about the issues.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

For example, it began telling developers to upgrade to the new version of OpenSSL a year ago.

However, from early July, it will stop allowing updates to be rolled out until a it’s using the new version of OpenSSL.

“We’re transitioning from notifying developers and giving them information to using Google Play as a way to incentivize developers to fix these issues,” Ludwig said.

If you’re a security researcher looking to get started on the Android Reward program, it’s worth pointing out the only vulnerabilities found on Nexus 6 and 9 devices are eligible.

Android Security Rewards

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with