I have heard a lot about Android security vulnerabilities. These are very annoying, because phone manufactures do not provide any updates (even security) for older phone. Therefore, each Goggle’s step, which helps to improve the security of Android is priceless! However, it looks that information about security errors have their price and it is not low.

A year ago, Google has launched Android Security Rewards. In my opinion, of you are a security expert, then you should to start study Android code, because you can earn a lot. Google offers up to $38 000 per report which will be used to fix the Android and protect its users. You may think that Google avoids rewards payment, but this in not true.

Google has paid over $550 000 to 82 individuals for 250 reports total.

This is the average of $2 200 per a reward and $6 700 per security researcher. The top researcher has reported 26 vulnerabilities and gained $75 750. 15 people have rewarded at least $10 000. However, there was no a payout for the top reward for an remote exploit chain leading to TrustZone or Verified Boot compromise.

Starting from June 1st, Google will increase the amount of rewards. They will pay 33% for high-quality vulnerability report with proof of concept.

You are interested in? HERE you can read the summary and planned changes. The program is described on THIS page.

Comments

comments