Google today announced that its ‘Android Security Reward’ program in its third year has received over 470 qualifying vulnerability reports from researchers and the average pay per researcher jumped by 23%. The company also mentioned that the ‘Android Security Reward’ program has rewarded researchers with over $3M.
Google said that a complete remote exploit chain leading to TrustZone or Verified Boot compromise and over 99 individuals contributed one or more fixes. The ‘Android Security Reward’ program’s reward averages were $2,600 per reward and $12,500 per researcher. Guang Gong received highest reward amount to date; $105,000 for the submission of a remote exploit chain.
Google introduced the Play Security Rewards in October 2017 to encourage security research into popular Android apps available on Google Play. So far, researchers have reported over 30 vulnerabilities through the program and earned a combined bounty amount of over $100K. Google says that it has collaborated with manufacturers to ensure that the said issues are fixed on their devices through monthly security updates.
The company also listed around 250 device models which are said to be having security update from the last 90 days. These models range from brands like Asus, OnePlus, HMD Global’s Nokia, HTC, Samsung, BlackBerry, Blu, Huawei, Lava, Motorola, OPPO, Sony, Vivo, Xiaomi and others.