Android Security Reward Program
The Android Security Reward program was started by Google in June 2015. Through this program, researchers find vulnerabilities in Android and in Nexus phones and tablets, and in return Google awards them money. The program turned out to be a success for both the company and the researchers. In the first year of the program, Google paid $550K to 82 researchers for finding 250 vulnerabilities. These vulnerabilities include security flaws that could cause Android users' phones to be hacked.
Google pointed out: “More than a third of them were reported in Media Server which has been hardened in Android N to make it more resistant to vulnerabilities.”
The $550K in reward money is more than double the reward money Google announced in January 2016.
Android Security Program Manager Quan wrote in a blog post: “The top researcher, identified by Google as @heisecode, is actually making a decent living finding Android bugs; he won a total of $75,750 for 26 vulnerability reports.”
The company has decided to increase the awards after June 1, 2016, so researchers can now earn even more for finding security flaws in Android.
According to the new awards, any researcher who submits a “high-quality” bug with a proof of concept will earn 33 percent more than last year's award. Any researcher who brings forward a high-quality vulnerability with a proof of concept, a CTS Test or a patch will earn 50 percent more than the current award. The award for reporting a “remote or proximal kernel exploit” has been increased from $20,000 to $30,000. Any researcher who reports a “remote exploit chain or exploits leading to TrustZone or Verified Boot compromise” will be awarded $50,000 instead of $30,000.
Google has been running its Security Reward Program since 2010. This program awards money to researchers who find security flaws in Google software and hardware. The Android Security Reward program is part of this broader program. Google has also started a new program this year called Vulnerability Research Grants. In this program, Google pays researchers before they start their work to find bugs in the system.