Google Pays $550K To People Who Found Security Issues With Android

Image courtesy of Scott Akerman

One year after Google launched its Android Security Rewards program that aimed to compensate researchers who discovered vulnerabilities in the company’s products — software, tablets, and phones – the tech giant announced the program was a success, divvying out more than $550,000.

Google announced the results on its blog Friday, noting that the rewards went to 82 individuals who found more than 250 vulnerabilities with the company’s offerings.

One researcher provided the company with 26 vulnerability reports for a total of $75,750, while 15 other researchers received $10,000 or more for their reports.

While the program is focused on Nexus devices and has a primary goal of improving Android security, more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project, Quan To, program manager for Android Security, wrote in the blog post.

“Fixing these kernel and device driver bugs helps improve security of the broader mobile industry and even some non-mobile platforms,” he says.

Following the status report on Friday, Google announced it would revamp the program to provider larger rewards for reports submitted after June 1.

The company will increase its payouts by 33%. For example, the reward for a Critical vulnerability report with a proof of concept increased from $3,000 to $4,000, while rewards for remote or proximal kernel exploits will increase from $20,000 to $30,000.

“Thank you to everyone who helped us make Android safer,” To wrote.