android-m-security-date

A year ago, Android was added to the Google Vulnerability Rewards Program that pays researchers for submitting security bugs that affect various products and services. Google has since paid over $550,000 in rewards and is raising the amount going forward.

In total, over 250 qualifying vulnerability reports were submitted by 82 individuals. This resulted in an average of $2,200 per reward and $6,700 per researcher. The top researcher earned $75,750 for 26 vulnerability submissions and 15 researchers received $10,000 or more. For a full list, head to the Android Security acknowledgements page.

There were no payouts for the top reward of a complete remote exploit chain leading to TrustZone or Verified Boot compromise. More than a third of the submitted reports concerned the Media Server responsible for playback and which led to Stagefright. Google has since taken a number of steps to harden the system in Android N.

The program is aimed at Nexus devices, but more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project. This include kernel and device driver bugs from third-party vendors.

Starting June 1st, Google will begin paying researchers more for submitted vulnerabilities. High-quality vulnerability reports with proof of concepts will net 33% more and reports with a proof of concept, CTS Test, or a patch will receive an additional 50%. Rewards for a remote or proximal kernel exploit increase from $20,000 to $30,000. Lastly, the top rewards for exploiting TrustZone and Verified Boot will increase from $30,000 to $50,000.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author