Skip to main content

Google's Android Security Rewards program has paid out more than $550,000 so far

Google has released an overview of its Android Security Rewards program, which has just wrapped up its first year. Added to the Google Vulnerability Rewards Program in June 2015, the Android Security Rewards program has thus far paid out more than $550,000 to security researchers for discovering and reporting vulnerabilities, the company revealed.

Here are some of the more interesting tidbits about the program's first year, highlighted by Google:

  • We paid over $550,000 to 82 individuals. That's an average of $2,200 per reward and $6,700 per researcher.
  • We paid our top researcher, @heisecode, $75,750 for 26 vulnerability reports.
  • We paid 15 researchers $10,000 or more.
  • There were no payouts for the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.

Google also announced that it is making some changes to the program to pay more for qualifying vulnerabilities. In fact, the search giant says its maximum payout is being increased from $30,000 to $50,000. Meanwhile, the payout for a critical vulnerability with proof of concept will move from $3,000 to $4,000.

  • That's awesome progress!
  • Whats apple done ? Posted via Nexus 6P
  • They rest on their laurels Posted via Techmology
  • OMG, you just don't get it... Apple doesn't need this... OMG... LIKE O M G
  • Awesome! Better life for everyone - and @heisecode should be hired.
  • This is smart business. Posted via the Android Central App
  • With how it seems like almost daily we are hearing about another breach or hack, it is good to see Google doing this to strengthen the OS and find vulnerabilities that they may otherwise not find. 
  • That's a very interesting business practice. Comissioning others to help secure and toughen up your security. Great job google, keep up your great decisions to support yourself and your fans! Posted via the Android Central App
  • This is why Android is the most secure platform. Constantly addressing any potential threats. Posted via Techmology
  • Now they need to work on getting all the phone companies to update their software in a timely manner and at the same time. Don't leave it up to them to decide when, or even if, to update. Posted via the Android Central App