I’ve known about Chrome’s vulnerability reward program for quite some time, but never considered moving the design over to Android. Reddit user CunningLogic suggests it would give developers a monetary reward for their handwork while making Android more secure in the long run. Sounds good to me. Just like development within Chrome, the developers hard at work within Android have been extremely good at pointing out OS security flaws; with a form of payment, devs will get that extra incentive/motivation to tighten up loose ends and help make Android OS better.
It is known that compared to other mobile operating systems, Android is by far one of the most vulnerable. Carriers have even gone as far as offering protection applications (such as LookOut) for free in the Android Market to make sure their customers don’t have a bad experience on their network. It’s an obvious issue, and knowing your device is secure means the world to many.
With the recently found Carrier IQ security vulnerabilities, it would be a great time to implement such a program. If developers have been preparing security patches and modifications for their love of Android, imagine how hard they’d work for a bit of cash too. And Chrome’s base reward is $500.00 – but if the bug appears to be “severe or interesting”, the value can rank up to $3133.70! Implement that in Android and you’ll add an entirely new team of energized developers!
[via Reddit: CunningLogic]