Google Announces Security Rewards Program to Tackle Android Bugs

By CIOReview | Tuesday, June 23, 2015

FREMONT, CA: Google announces Android security rewards program for researchers to enhance security concerning Android. The reward level is based on the bug severity and increases for higher quality reports that include reproduction code, test cases and patches.

In a recent study ‘Security Analysis of Android Factory Resets’ by University of Cambridge highlights the inability of Android devices to wipe user data completely exposing the risk of security. It estimates that up to 500 Mn devices may not properly sanitize data partition where credentials and other sensitive data are stored. The study suggests few steps hoping they can reduce the chance of slip-ups in the future.

Android Security Rewards covers security vulnerabilities discovered in the latest available Android versions for Nexus phones and tablets including Nexus 6 and Nexus 9. Through this program Google provides monetary rewards and public recognition for vulnerabilities disclosed to Android Security Team.

Reward payouts will be based on the severity of the vulnerability and the quality of the report. A moderate vulnerability would be awarded $500 while critical vulnerability will be rewarded with $2000.  A well written Compatibility Test Suite (CTS) test and patch will fetch even higher gains.