Google's been paying big bucks for Android vulnerabilities (and that money's only getting bigger)
Since its inception in June of last year, the Android Security Rewards program has paid over $550,000 for bug reports. While 82 people have claimed rewards of some size, a smaller group really stands out as the most productive; only 15 participants have taken home $10,000 or more, with the most prolific banking nearly $76,000 for 26 separate reports.
Google likes how the first year of Android Security Rewards went, but it's hoping the next year proves to be even better at stamping-out dangerous Android bugs. To that end, the company's upping its payouts for the most serious vulnerabilities in an effort to recruit even more talented minds to work on discovering them.
For instance, the reward for discovering a critical-rated bug and developing a proof of concept goes up from $3,000 to $4,000. Google's yet to make any payments for its very top-level vulnerabilities, but just in case some extra cash can help with motivation there, it's raising the reward for remote attacks capable of breaking TrustZone or Verified Boot from $30,000 to $50,000.
Anybody thinking about a side career tracking down Android security holes?