Google Paid Above $550,000 to Android Bug Hunters

Google has paid out more than $550,000 to 82 individuals through its Android Security Rewards program which was launched a year ago. This rewards program pays researchers who discover security flaws in Google’s Mobile platform. Now, the tech giant Google after a year, with the view of expanding its bug bounty program made an announcement on Thursday that it has paid $2,200 per reward and $6,700 per researcher.

And now it is going to offer 33 percent more to the “High Quality” vulnerability reports with proof of concept. Reports with proposed patches will be paid 50 percent more than the regular pay. So, a vulnerability report with proof of concept will earn $4,000 instead of getting $3,000.

Major Announcements Made in Google I/O 2016

The Tech giant has announced that these changes affect all the bug submissions filed after 1st June 2016. And in this discussion Google said that it has received more than 250 qualifying Android Vulnerability reports over the past year. A top bug hunter of the year, “@heisecode” earned $75,750 for 26 reports and 15 other researchers received $10,000 or more.

Besides finding flaws in Android, Google encourages the researchers to report problems outside the operating system too. Google claimed that out of 250 reports, more than a third were for the affected Media Server module, which is promised to have been mostly fixed and even made more resistant in Android N. And the giant also said that more than a quarter of the reported issues affect code developed and used outside of the Android Open Source Project.

Is Android N Named as Namey McNameface?

“Fixing these kernel and device driver bugs helps to improve security of the broader mobile industry (and even some non-mobile platforms),” Google wrote in a blog post.

As per the improvements made to the Android VRP, proximal exploit reward goes up from $20,000 to $30,000. And a remote exploit chain or exploits leading to TrustZone or Verified Boot Compromises increases from $30,000 to $50,000. Google has spent millions of dollars in rewards through similar programs. So, hackers and developers who can find an Android vulnerability will make huge cash.