Google is increasing the bounty for its Android Security Rewards by between 33- and 50-percent. This is a substantial jump in payout, considering that the program is only a year old; having been introduced in June 2015.
Thus far, the program has paid more than $550,000 (about RM2.2 million) to 82 individuals; with an average of $2,200 (about RM9,000) per reward and $6,700 (about RM27,000) per researcher. The top researcher managed to net $75,750 (about RM300,000) for 26 vulnerability reports, while 15 researchers managed to earn at least $10,000 (about RM41,000).
The improved bounty should encourage more bug reports, and in turn produce a more secure Android operating system. Of course, there are requirements for participating in the program; all of which can be found under the rules section of the program.
Bounty programs like this are supposed to encourage people who find bugs to submit them to technology companies for fixing, instead of exploiting them for financial gain. Not all bugs can be used as an attack vector, but it is in Google’s best interest to close as many gaps as it can.