Android and Google Play Security Rewards Programs Surpass $3 Million in Payouts

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,487
For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability reports were filed and the average pay per researcher increased by 23%. The ASR average is $2,600 per reward and $12,500 per researcher. One researcher received $105,000 for a remote exploit chain submission.

In October 2017, we rolled out the Google Play Security Reward Program to encourage security research into popular Android apps available on Google Play. So far, researchers have reported over 30 vulnerabilities through the program, earning a combined bounty amount of over $100K. If undetected, these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices.
 

risc

Handle with Kid Gloves
Joined
May 18, 2017
Messages
188
Cheaper than paying for employees, hobbyists have something fun to do, bugs get fixed. Win win for everyone.
 

clockdogg

[H]ard|Gawd
Joined
Dec 12, 2007
Messages
1,175
"these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices"

Good. Now how do we stop Google from exploiting access to sensitive data? Oh, right. We can't.
 

steakman1971

2[H]4U
Joined
Nov 22, 2005
Messages
2,433
"these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices"

Good. Now how do we stop Google from exploiting access to sensitive data? Oh, right. We can't.
Report it as a bug and get paid :)
 
Top