Google Increases Android Bug Rewards
Written by Kay Ewbank   
Thursday, 23 June 2016

Google is increasing the amount it pays as rewards for finding bugs and security vulnerabilities in Android with a new upper limit of $50,000

Android Security Rewards were introduced a year ago, joining the Google Vulnerability Rewards Program. The initial offer was of up to $38,000 per report that Google could use to fix vulnerabilities and protect Android users.

androidlogo

According to a post on the Android Developers blog, during the year Google has received 250 qualifying vulnerability reports. More than a third of the problems were reported in Media Server, and this has now been hardened in Android N to make it more resistant to vulnerabilities.

bug200
The blog post says that while the program is mainly aimed at Nexus devices and designed to improve Android security, a substantial group - more than a quarter - of the problems were reported in code developed and used outside of the Android Open Source Project, such as device driver and kernel bugs.

The average reward paid out over the year was $2,200 per reward. 82 people received rewards, with each receiving an average of $6,700. 

The highest amount paid to a single person was $75,750 for 26 vulnerability reports, and 15 researchers were paid $10,000 or more. There were no payouts for the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.

The changes to the program mean high quality vulnerability reports with proof of concept will receive 33% more, so that the reward for a Critical vulnerability report with a proof of concept has increased from $3000 to $4000.

A high quality vulnerability report with a proof of concept, a CTS Test, or a patch will receive an additional 50%. The reward for a remote or proximal kernel exploit has gone up from $20,000 to $30,000, and the reward for a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise has increased from $30,000 to $50,000.

bug200

More Information

Android Developers Blog

Bug Report Program Rules

Bug Hunter University

Related Articles

New Android Bug Bounty Scheme

Android Security Hole More Stupid Error Than Defect

Android N Developer Preview

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter,subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin

 

Banner

TestSprite Announces End-to-End QA Tool
14/11/2024

TestSprite has announced an early access beta program for its end-to-end QA tool, along with $1.5 million pre-seed funding aimed at accelerating product development, expanding the team, and scaling op [ ... ]


+ Full Story
Data Wrangler Gets Copilot Integration
11/11/2024

Microsoft has announced that Copilot is being integrated into Data Wrangler. The move will give data scientists the ability to use natural language to clean and transform data, and to get help with fi [ ... ]


+ Full Story
More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

 
Last Updated ( Thursday, 23 June 2016 )