As a part of their security program that aims to trace, find and repair security holes in their products, Google pays who reports issues. At this time, Google has introduced they are increasing their Security Rewards Program to Android. The program presently encompasses the latest out there Android versions for Nexus devices within the U.S. Google Store, which right now means just the Nexus 6 and Nexus 9.
We are launching Android Security Rewards to assist reward the contributions of security researchers who invest their effort and time in serving to us make Android safer. Through this program we offer monetary rewards and public recognition for vulnerabilities disclosed to the Android Security Team. The reward is based on the bug severity and will increase for higher quality reports that include test cases, reproduction code and patches.
Google’s Android platform is the most well-liked mobile operating system in the world. Last month, research agency IDC predicted that total Android smartphone shipments will hit 1.4 billion of 2021, giving the platform 79.4% share. Apple’s iOS will nab 16.4% of the market. Looking forward to of 2021, Android will still own 79% of the market, according to IDC.
Rewards range from $333 for a test case of a low-severity bug up to $8,000 for a “well-written CTS test and patch” for a critical bug.
Device users do not stand to make money as a part of the program, but if it is successful, they’d get a more secure operating system in Android. And in a world where hackers are more and more turning their attention to mobile devices, that might prove to be valuable.
The following table sums up the standard rewards:
According to Google the program applies only to bugs not covered by current reward schemes, and include bugs found in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules.
As well as, Google says that only the 1st person to identify the bug will get the reward. If in case the issues are introduced to the public earlier than Google, rewards will not be offered. Google mentioned it may not issue a reward for bugs that cause an app to crash or issues that require a complex set of actions to happen in order for them to be exploited.
If you are into looking at Google Code and have some issues you would wish to report, Google needs to hear about them. For more info on how to report bug, or rewards head to the Android Security Rewards support page for more info.