Skip to main content

Google paying big for bug fixes in the new Android Security Rewards program

exploit
Image used with permission by copyright holder
For some time now Google has offered cash rewards to researchers and developers who find and fix software vulnerabilities in its various websites and apps. Now that program is expanding even further, offering rewards for fixing issues in the Android operating system.

The new program is called Android Security Rewards, and was announced today at the Black Hat’s Mobile Security Summit in London. Generally, the program aims to address serious security-related issues, rewarding those who uncover vulnerabilities of critical, high, and moderate severity, though Google notes that it will reward certain patches for low-severity vulnerabilities on a case-by-case basis.

Recommended Videos

As the Android Security Rewards program only concerns the Android Open Source Project (AOSP), the program only covers vulnerabilities found “in the latest available Android versions for Nexus phones and tablets currently available for sale in the Google Store.” Right now this means only the Nexus 6 and Nexus 9 count. Google has indicated that no other products like the Nexus Player, Android Wear, or Project Tango are included in the program.

Please enable Javascript to view this content

That’s a fairly small list, but those who find and fix vulnerabilities for either device do stand to make a fairly tidy sum for their time. The rewards start at $500 for simply finding and reporting a moderate-severity vulnerability. Finding and fixing a bug of critical severity, on the other hand, could get you $8,000, assuming the fix is accepted. Rewards for uncovering certain exploits can gain those who find them up to an extra $30,000.

Since Google began offering rewards for bug fixes in 2010 the company has paid out more than $4 million. Last year alone the company paid out $1.4 million to over 200 researchers. Considering Android’s popularity among developers, this number will likely grow significantly with the introduction of the Android Security Rewards program.

If you’re a developer or security expert, or are simply interested in learning more about the program, head over to Google’s Android Security Rewards page for more information.

Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
Google is cracking down on internet security in this big way
Connection is not private warning from Google.

Google is making some serious changes to digital certificate security on the web, the company announced on its Security blog. The big news is that Google will no longer trust certificates from two large security firms -- Entrust or AffirmTrust -- due to repeated security lapses.

According to Google, the companies, which are Certificate Authorities (CA), have demonstrated patterns of unmet improvement commitments, compliance failures, and no measurable progress in how fast the company responds to publicly disclosed incident reports.

Read more
Android 15 will give your phone an important new security feature
Android 15 logo on a Google Pixel 8.

Google is introducing a security feature in Android 15 to guard against "juice jacking" attacks, as reported by Android Authority, The new feature is currently being tested in the Android 15 beta.

Wondering what a "juice jacking" attack is? It describes an event where a hacker secretly sends data payloads to your device, should it have the ability to both charge and transfer data over the same USB connection. This includes most modern smartphones, and examples of hardware used for juice jacking include mobile charging stations. Should the attack be successful, hackers could compromise the device, wreak havoc, and endanger your privacy.

Read more
Google just announced 7 big Android updates. Here’s what’s new
Text editing in Google Messages.

If you have an Android phone or tablet or a Wear OS watch, you should sit up and pay attention. Google has just announced a bundle of new features it's rolling out soon, and from Google Messages updates to a better hotspot experience, there's a lot to dig into.

Earlier this year, Google was spotted testing a new edit feature for its RCS-powered Google Messages app. Well, it has finally made its way to the app with the latest Android feature drop.

Read more