Google-Play-Store-AH-1

Android Security Rewards Launches with $38K in Payouts

June 16, 2015 - Written By Alexander Maxham

When you build software that millions, if not billions of people use everyday. It’s important to have others attempt to hack that software for security bugs. And even then, all the bugs won’t be gone. Google has done various other vulnerability disclosure programs and have paid out $4 million since 2010. In fact, last year it paid out $1.5 million alone. Google’s new program, Android Security Rewards pays out a range of cash bonuses based on the type of vulnerability that was found. Another factor into the bonus is the amount of work that was put in. For example, sending in a simple, reproducible bug description will get you around $2,000.

However, if you find a bug, produce a test case, create a patch and produces an exploit for a remote critical issue could net you around $38,000. Adrian Ludwig who is the head of Android’s Security team spoke with The Next Web and stated that provides a big lure to seek out weaknesses in an OS. Google is actually hoping to pay out as much money as possible in this new Android Security Rewards initiative. It might sound odd, but this means that more bugs have been found and fixed, and that there will be less exploits, creating a more secure platform.

Additionally, Google is changing the way the company will notify developers about potential vulnerability in apps listed on Google Play. Up until now, the system has only told them about the issues. Now it will give them a timeline to fix these issues. A good example is that Google wanted developers to upgrade to a new version of OpenSSL about a year ago. Starting in July, any updates that are not using the new version of OpenSSL will not approved.

Ludwig informed The Next Web, “We’re transitioning from notifying developers and giving them information to using Google Play as a way to incentivize developers to fix these issues.”

If you’re interested in the Android Security Rewards program, be sure to check out the source link down below. It’s a great opportunity to grab some cash, but also help make Android that much more secure and stable.