Google's been paying big bucks for Android vulnerabilities (and that money's only getting bigger)

Google's been paying big bucks for Android vulnerabilities (and that money's only getting bigger)
Keeping an operating system secure is a constant battle. Every time you add a new feature, or change the way an existing one works, you risk introducing new bugs that could potentially be exploited by hackers. Google's wise enough to know that it can't stay on top of every last Android vulnerability on its own, and for the past year now the company's been offering a bug bounty for developers who find and report problems with Android system code. Now a year into this program, Google's sharing details on its success, and promising even more money to participants in the future.

Since its inception in June of last year, the Android Security Rewards program has paid over $550,000 for bug reports. While 82 people have claimed rewards of some size, a smaller group really stands out as the most productive; only 15 participants have taken home $10,000 or more, with the most prolific banking nearly $76,000 for 26 separate reports.

Google likes how the first year of Android Security Rewards went, but it's hoping the next year proves to be even better at stamping-out dangerous Android bugs. To that end, the company's upping its payouts for the most serious vulnerabilities in an effort to recruit even more talented minds to work on discovering them.

For instance, the reward for discovering a critical-rated bug and developing a proof of concept goes up from $3,000 to $4,000. Google's yet to make any payments for its very top-level vulnerabilities, but just in case some extra cash can help with motivation there, it's raising the reward for remote attacks capable of breaking TrustZone or Verified Boot from $30,000 to $50,000.

Anybody thinking about a side career tracking down Android security holes?

source: Google

FEATURED VIDEO

29 Comments

1. IAMBLCKJ3ZUS

Posts: 411; Member since: Sep 29, 2015

I found a bug in Android 6.1 and it's called Fragmentation haha my I get my reward money. IOS and Windows 10 mobile are update kings. #Surface Phone is going to change your life!

2. Chilidog

Posts: 29; Member since: Jun 11, 2015

Works on my phone. Sent from my Nexus 6P

4. vincelongman

Posts: 5691; Member since: Feb 10, 2013

Its a non-issue for non-fanboys If an Android user wants the newest version of Android, just get a Nexus or flash ROMs If an Android user doesnt care, which is most average users, they just get whatever they want Fragmentation isnt a major issue for devs either Out of the apps on my Nexus 5 67% - Marshmallow 22% - Lollipop 4% - KitKat 7% - Older/unknown That's not including system apps, including systems apps Marshmallow increases to 85% So as we can see, most devs are building apps for Marshmallow, even if its only on 10% of the almost 2 billion Android devices

6. IAMBLCKJ3ZUS

Posts: 411; Member since: Sep 29, 2015

Not for long when day dream drops looks like you'll be needing an upgrade.. Boom

3. ibend

Posts: 6747; Member since: Sep 30, 2014

fragmentation on android 6.1? are you drunk? believe it or not, 100% android 6.1 device are running Marshmallow, and no defragmentaion at all

11. Bernoulli

Posts: 4360; Member since: Sep 01, 2012

where's your proof? got any links to back yourself up?

7. Scott93274

Posts: 6033; Member since: Aug 06, 2013

I feel embarrassed for you for feeling so clever after saying something so stupid.

13. Mxyzptlk unregistered

It's stupid if you can't argue against it apparently.

16. Podrick

Posts: 1285; Member since: Aug 19, 2015

^^^^Scott mentioned stupid and Phonearena's resident stupid Mxy appeared lmao.

19. Scott93274

Posts: 6033; Member since: Aug 06, 2013

+1 for the truth LOL! It's kinda like Beetlejuice, you say "idiot" three times and he'll show up. Lets see if it works, iDiot, iDiot, iDiot!

25. Mxyzptlk unregistered

Well you appeared, so...

26. Scott93274

Posts: 6033; Member since: Aug 06, 2013

Hey it works! Here he is!!!

17. Scott93274

Posts: 6033; Member since: Aug 06, 2013

So then you're saying that you're stupid for not being able to argue your point with me in the following article? http://www.phonearena.com/news/Moto-Mods-prices-leaked-by-Verizon-prepare-to-pay-premium_id82111/comments

20. Podrick

Posts: 1285; Member since: Aug 19, 2015

Lol, that guy writes so much nonsense, sometimes I think its his hobby to write things that doesn't make sense and get wrecked by everyone because nobody can be that stupid. If its his hobby, its a really weird one.

21. Scott93274

Posts: 6033; Member since: Aug 06, 2013

And I can argue the points perfectly fine... Point 1: Fragmentation doesn't impact me one damn bit. The only people who actually act upset about it are iSheep trolls like yourself and IAMBLCKJ3ZUS. Point 2: iPhone OS updates are a joke. Most of the new features announced were for apps and Android user's get those ALL YEAR LONG. It was a major yawn fest. Point 3: Microsoft's mobile platform is a joke, no one really cares about it. Point 4: Mxyzptlk is a joke and no one cares about him. Are my points perfectly clear?

24. Mxyzptlk unregistered

1. I can sum that up in one word: denial 2. Lol, and Android isn't? You're either ignorant or a complete idiot if you think Android is devoid of any issues. Don't give me that bulls*** about you never having any issues because I can easily post links. So don't sit on your fat a-- and tell me you don't. 3. Ok? Just because you didn't like it doesn't make it a joke. I think it could have been done much better especially if Microsoft had followed through on the Project Astoria. 4. Just like your sex life.

27. Scott93274

Posts: 6033; Member since: Aug 06, 2013

1. I can sum you up in 4 words, "s**t faced cock master". 2. You can post links that prove that I have problems with Android? Am I featured in publications around the internet where I'm interviewed regarding my mobile phone experience? I have to read this. Alright, you said you can post links to prove that I have problems with Android. Time to nut up or shut up, lets see them. BTW, you misspelled "ass". 3. The largest force in the tech world for decades can only muster a measly 1% market share, Yeah, I think that's a big joke. 4. I find it flattering and yet extremely creepy that you "like my sex life". I mean I know you're not getting any, but that doesn't give you right to openly admit that you desire the intimacy that others have. Especially here. This is a tech site, keep to the subject creepo.

23. Mxyzptlk unregistered

The way I see it: Puppet master - me Puppets - Poodrick and Scott.

28. Scott93274

Posts: 6033; Member since: Aug 06, 2013

LOL, talking like Kanye again. I know, I know, you're a genius! .... though if you were to type this you'd type your a genius because after a year you still get "your" and "you're" mixed up.

10. CyberFalcon

Posts: 223; Member since: Apr 17, 2014

Pls get your facts right more than 50% of windows phones are never going to be updated to Windows 10. :P

29. jroc74

Posts: 6023; Member since: Dec 30, 2010

How long has Android been out, since 2008? If fragmentation hasnt really been a problem in all these years, I doubt its as big a problem as some of yall make it. Even from a developer point of view. The desktop and laptop market is just a fragmented and its surviving, PC gaming is fragmented and its surviving.

5. jphillips63

Posts: 253; Member since: Jan 04, 2012

Android has always been vulnerable to security holes. So this is really nothing new.

8. Scott93274

Posts: 6033; Member since: Aug 06, 2013

The Fappening and Internet Explorer are examples of gaping security flaws from Apple and Microsoft. Don't single out Android for having flaws with security when I can post numerous articles about competing platforms that are just as guilty.

9. kiko007

Posts: 7493; Member since: Feb 17, 2016

Wait.... what did Apple have to do with that?

12. Podrick

Posts: 1285; Member since: Aug 19, 2015

He was giving example and he mentioned Microsoft too. And jphilips guy above said Android has always been vulnerable to security holes. Thats true but so is every software in the world. Nothing is eternally safe from vulnerability.

14. Mxyzptlk unregistered

It doesn't. He just sees the need to drag their name into the argument even though it's irrelevant.

15. Podrick

Posts: 1285; Member since: Aug 19, 2015

Like you can talk. Its like ISIS promoting world peace.

18. Scott93274

Posts: 6033; Member since: Aug 06, 2013

Come up stupid, we've argued this before, you know I'm right and you can't win this argument. You don't think that Apple's half baked security measures resulted in people accessing thousands of personal photos from celebrity accounts? If they weren't at fault then there would have been no need for them to change a damn thing after it happened. Besides it's common knowledge that they were warned 6 months in advance for the security flaw and they did nothing about it.

22. Scott93274

Posts: 6033; Member since: Aug 06, 2013

I'm simply expanding on jphillips63's narrow minded comment to include actual examples of security flaws by Google's competition to remind him that gaping security issues are found everywhere thus making his comment a bit insignificant. Though if you have an issue with me bringing up Apple in a conversation about security holes, I will hold off on posting to various articles that might upset you.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.