Google Will Pay Up to $200,000 for Android Hacks

Android

Google is increasing payouts for its Android bug bounty program, with rewards up to $200,000 for finding a critical vulnerability, quadrupling the top payout of $50.000 from 2016.

Google launched its ‘Android Security Rewards’ program in 2015 as a means to rewarding ethical hackers for spotting bugs in the world’s most widely used mobile operating system.

Over the past year, Google researchers revealed it had received over 450 vulnerability reports from security researchers. Average payouts per expert had jumped by over 50% from the first year, Google said. A total of $1.5 million in bounty rewards has been processed by the technology giant so far and Google is making it more lucrative than ever for Android hacking white hats.

On a blog published on June 1, Mayank Jain and Scott Roberts, researchers from the Android Security Team wrote:

Two years ago, we launched the Android Security Rewards program. In its second year, we’ve seen great progress. We received over 450 qualifying vulnerability reports from researchers and the average pay per researcher jumped by 52.3%. On top of that, the total Android Security Rewards payout doubled to $1.1 million dollars. Since it launched, we’ve rewarded researchers over $1.5 million dollars.

Notably, the researchers added that no payouts were made yet for the top reward for a complete remote exploit chain that could lead to TrustZone or Verified Boot compromise. For these exploits, Google is offering rewards from $50,000 up to $200,000. Rewards for remote kernel exploits have also increased, from $30,000 to $150,000.

On its website, Google details the exploits covered in the bug bounty program, a necessary cybersecurity program that will ultimately help secure the Android ecosystem which sees over 2 billion active devices around the world.

Google wrote:

Android Security Rewards covers bugs in code that runs on eligible devices and isn’t already covered by other reward programs at Google. Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules.

Image credit: Pexels.