Since 2010 when Google first launched the Vulnerability Reward Program to allow external contributors to help them tackle security issues by issuing cash rewards there has been a huge increase in the way security is being improved at Google and Google products leading to Google paying more than $1.4 million in rewards.
The idea is to encourage outside developers to lend Google a helping hand by identifying security vulnerabilities in specific Google products and report them to Google in return for cash rewards. Google also offers bonuses and extra money to those who are not only able to identify the problems, but also solve them or patch them.
So far Google had the following programs:
- Google Vulnerability Reward Program (VRP)
- Patch Reward Program
- Vulnerability Research Grants
- Chrome Reward Program
And recently they added the Android Security Rewards Program aimed to reward those contributors/developers who are willing to devote their time, effort and dedication towards making Android a more secure platform. Rewards for this program are based on bug severity and will go higher according to the quality of reports submitted to the Android Security Team.
Considering the rate at which Android is constantly growing it’s no surprise that Google decided to add this and this will start benefiting all users in helping and improving the one thing Google’s handset operating system had been heavily criticized over the years and that is security which is usually not publicized when comparing it with the other major players of the market such as iOS, Windows, and Blackberry (even though BlackBerry is on the downfall).
As of June 2015, eligible devices for this program to be tested upon are the Nexus 6 and Nexus 9. Bugs in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules that run on these devices are covered by the program.
Rewards for these bug reports are divided into Critical, High and Moderate which pay up to $2,000, $1000 and $500 respectively.
However, there are a few catches to the program, such as bugs found on custom ROMs or devices other than those that are not listed in the Rewards program or bugs related to apps crashing suddenly.
For more visit the FAQ.
So if you think that you have some insight to offer Google regarding the security of the Android OS or if you are interested in fixing an existing problem visit the Android Security Rewards Program page for more details.