Apparently, crime really does pay. Okay, technically, not a crime, but rather finding vulnerabilities in the Android ecosystem. Google launched the Android Security Rewards last year as part of their Vulnerability Rewards Program, but this time focusing on the mobile platform. In their first year report, they disclosed that they were able to pay out $550,000 to those who were able to send vulnerability reports that would eventually help in keeping Android more secure. While the reports focus on Nexus devices, it will of course affect all Android devices in the long run.
The biggest single cash out went to someone called “Peter Pi” (not sure if that’s a real name) who was able to discover and report 26 “meaningful vulnerabilities” and get $75,750 in return. The average cash received per find was $2,200 but 15 researchers got over $10,000 for multiple reports. There were no payouts however for the top reward for a report that would have exploited the TrustZone or led to a Verified Boot compromise, so that means they have no vulnerabilities as of this time.
In even better news, Google will be putting in more money for the rewards program as payouts will be increased 33% across the board. And the max payout cap has been increased to $50,000. So if you’re in need of some extra cash, then you better start working on finding vulnerabilities in the Android platform, that is if you’re a security savvy programmer, coder, or even just a casual tinkerer of all things Android.
So if you’re interested, head on over to their Program Rules and start reading up on what they’re looking for. It’s not as easy as you might think, so you would have to work hard to get that moolah.
SOURCE: Android Developers