Cash rewards for fixing security bugs have always been a lucrative revenue stream for researchers and have resulted in more secure browsers and operating systems. Now, Google is bringing a similar reward scheme to Android phones.
The Android Security Rewards program will let researchers who seek out bugs make some cash by reporting them to Google. A moderate severity bug will fetch $500, while a high severity bug will earn $1000. Critical bugs will double this to $2000. If the researcher can demonstrate a test case or provide a patch alongside the bug report, Google will increase the reward amount by 50% or 100% respectively. At the moment, the program is limited to covering vulnerabilities in the Nexus 6 and Nexus 9.
“In particular, we may decide to pay higher rewards for unusually clever or severe vulnerabilities; decide that a single report actually constitutes multiple bugs; or that multiple reports are so closely related that they only warrant a single reward.”
With annual shipments crossing 1.4 billion this year, Android is clearly the most popular mobile operating system by a massive margin. A 79.4% market share brings with it the same problem that Microsoft faces: a greater impetus for hackers to target the operating system for vulnerabilities. Programs like the Android Security Rewards Program encourage external security researchers to help find any loopholes in the security of the operating system before they can be exploited by hackers.
[Via – Google]