June 2, 2017

Google Will Pay Up to $200,000 for Android Hacks

Google is increasing payouts for its Android bug bounty program, with rewards of up to $200,000 for finding a critical vulnerability, quadrupling the top payout of $50,000 from 2016.

Google launched its ‘Android Security Rewards’ program in 2015 as a means of rewarding ethical hackers for spotting bugs in the world’s most widely used mobile operating system.

Google researchers revealed that, over the past year, the company had received over 450 vulnerability reports from security researchers. Average payouts per expert had jumped by over 50% from the first year, Google said. A total of $1.5 million in bounty rewards has been processed by the technology giant so far, and Google is making it more lucrative than ever for white hats hacking Android.

In a blog post published on June 1, Mayank Jain and Scott Roberts, researchers from the Android Security Team, wrote:

Two years ago, we launched the Android Security Rewards program. In its second year, we’ve seen great progress. We received over 450 qualifying vulnerability reports from researchers and the average pay per researcher jumped by 52.3%. On top of that, the total Android Security Rewards payout doubled to $1.1 million dollars. Since it launched, we’ve rewarded researchers over $1.5 million dollars.

Notably, the researchers added that no payouts have yet been made for the top reward, which is for a complete remote exploit chain that could lead to TrustZone or Verified Boot compromise. For these exploits, Google is offering rewards from $50,000 up to $200,000. Rewards for remote kernel exploits have also increased, from $30,000 to $150,000.

On its website, Google details the exploits covered in the bug bounty program, a necessary cybersecurity program that will ultimately help secure the Android ecosystem, which sees over 2 billion active devices around the world.

Google wrote:

Android Security Rewards covers bugs in code that runs on eligible devices and isn’t already covered by other reward programs at Google. Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
