Android and Google Play Security Rewards Programs Surpass $3 Million in Payouts

[cageymaru]

For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability reports were filed and the average pay per researcher increased by 23%. The ASR average is $2,600 per reward and $12,500 per researcher. One researcher received $105,000 for a remote exploit chain submission.

In October 2017, we rolled out the Google Play Security Reward Program to encourage security research into popular Android apps available on Google Play. So far, researchers have reported over 30 vulnerabilities through the program, earning a combined bounty amount of over $100K. If undetected, these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices.

 

[Maxx]

In Soviet Russia, vulnerability pays you!

 

[risc]

Cheaper than paying for employees, hobbyists have something fun to do, bugs get fixed. Win win for everyone.

 

[clockdogg]

"these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices"

Good. Now how do we stop Google from exploiting access to sensitive data? Oh, right. We can't.

 

[steakman1971]

"these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices"

Good. Now how do we stop Google from exploiting access to sensitive data? Oh, right. We can't.

Report it as a bug and get paid