Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.


Google announced today that it has paid out more than $550,000 to 82 security researchers who have detected vulnerabilities within the Android mobile operating system. This was done under the auspices of the company’s Android Security Rewards program, which launched last year.

Over 250 “qualifying” vulnerability reports have already been submitted to Google. More than a third of these pertained to Media Server, which the company said it has improved to make it more resistant to vulnerabilities. Over 25 percent of the issues received were reported in code that’s developed and used outside of the Android Open Source Project.

Out of the $550,000 dispensed, Google gave average rewards of $2,200 to $6,700 per researcher. The highest amount of $75,750 was given to Peter Pi, who submitted 26 vulnerability reports. Fifteen researchers received at least $10,000 in payouts. The company revealed that the top prize for a complete remote exploit chain leading to a TrustZone or Verified Boot compromise remains unclaimed.

Following the program’s inaugural year, Google has made changes that will lead to payout increases. Specifically, the company will pay 33 percent more for high-quality vulnerability reports with proof of concept and 50 percent more with the addition of a CTS Test or a patch.

In addition, rewards for remote or proximal kernel exploits have gone up from $20,000 to $30,000. A remote exploit chain or exploits leading to TrustZone or Verified Boot compromises are also changing, and will now pay up to $50,000.

Google has always had a bug bounty, but last year the company expanded the program to Android in order to compensate those who find and responsibly disclose vulnerabilities in the operating system. Since 2010, it has paid security researchers more than $4 million in rewards across all its programs, and it is spending more every year.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member