Android and Google Play Security Rewards Programs Surpass $3 Million in Payouts

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Sep 21, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability reports were filed and the average pay per researcher increased by 23%. The ASR average is $2,600 per reward and $12,500 per researcher. One researcher received $105,000 for a remote exploit chain submission.

    In October 2017, we rolled out the Google Play Security Reward Program to encourage security research into popular Android apps available on Google Play. So far, researchers have reported over 30 vulnerabilities through the program, earning a combined bounty amount of over $100K. If undetected, these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices.
     
  2. Maxx

    Maxx [H]ard|Gawd

    In Soviet Russia, vulnerability pays you!
     
  3. risc

    risc Handle with Kid Gloves

    Cheaper than paying for employees, hobbyists have something fun to do, bugs get fixed. Win-win for everyone.
     
  4. clockdogg

    clockdogg Gawd

    "these vulnerabilities could have potentially led to elevation of privilege, access to sensitive data and remote code execution on devices"

    Good. Now how do we stop Google from exploiting access to sensitive data? Oh, right. We can't.
     
    GoldenTiger likes this.
  5. steakman1971

    steakman1971 2[H]4U

    Report it as a bug and get paid :)
     
    the-one1 likes this.