Google Dishes Out £376k In Android Bug Bounties
Top researcher pockets £52,000 as Google uses Android vulnerabilities to secure Android N
Google has paid out £376,000 ($550,000) in bug bounties to 82 different people over the last 12 months, as the search giants continues to reward those who find security vulnerabilities on its Android platform.
It was last June when Google added its Android Security Rewards program to its Google Vulnerability Rewards Program, which started in 2010.
Google offered up to £26,000 ($38,000) per report that it used to fix vulnerabilities on the Android platform.
Since last June, Google said it has received over 250 vulnerability reports, with more than a third of them affecting Android’s Media Server. Google said that it has now hardened the security of the Media Server in Android N to make it more resistant to vulnerabilities.
Many other vulnerabilities were found in Android’s Open Source project, said Google.
Nexus devices
“While the program is focused on Nexus devices and has a primary goal of improving Android security, more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project,” Google wrote in a blog post.
“Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms).”
Security researcher Peter Pi was named as Google’s top Android research in the program, and was awarded a total of £52,000 ($75,750) for filing 26 vulnerability reports.
A sum of £6,800 ($10,000) or more went to 15 researchers.
In total, Google paid out £376,000 ($550,000) to 82 individuals, which comes in at an average of £1,500 ($2,200) per reward and £4,600 ($6,700) per researcher.
Now heading into its second year, Google also announced it will be increasing the amount it pays researchers for finding vulnerabilities in Android.
Google will now pay 33 percent more for a high-quality vulnerability report with proof of concept. A high quality vulnerability report with a proof of concept, a CTS Test, or a patch will receive an additional 50 percent more, said Google.
“Thank you to everyone who helped us make Android safer. Together, we made a huge investment in security research that has made Android stronger. We’re just getting started and are looking forward to doing even more in the future,” Google wrote.