Attention bug hunters! It looks like Google is going to offer even more cash rewards through their Android Security Rewards program. They are upping the ante with a 33 percent increase on the payout for a high-quality bug report with proof of concept and a 50 percent increase if an additional CTS test and a patch are included.
Google's payouts for Android bug hunters are quite substantial. In its first year alone, they reportedly shelled out $550,000 to 82 individuals. Their top researcher, heisecode AKA Peter Pi, was paid $75,570 for 26 vulnerability reports while 15 other researchers netted $10,000 or more.
Two hundred fifty qualifying vulnerability reports were received, and a third of these reports were made part of their media hardening project, which made Android N more secure.
The bigger payouts apply to qualifying reports filed after June 1, 2016.
Aside from the percentage increases for the vulnerability reports, they are raising the reward for a remote/proximal kernel exploit from $20,000 to $30,000 and a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise from $30,000 to $50,000.
These are definitely enticing cash rewards for anyone who wants to spend the time probing Android for exploits and vulnerabilities. It looks like Google values crowdsourced input for improving their mobile platform's security.
If you are interested in joining the Android Security Rewards program, check this link out for the Program Rules.