Jump to content
mrreboot

Google Launches Bug Bounty Program For Android With Rewards Up To $38,000

Recommended Posts

4651227194_3171368d50_o.jpg?w=738

Google today announced the launch of a security rewards program for Android at Black Hat’s Mobile Security Summit in London. The Android program will only cover vulnerabilities that affect Nexus phone and tablets available for sale in the Google Play Store, though. Right now, that’s the Nexus 6 phone and Nexus 9 tablet.

Base rewards start at $500 for reporting moderately severe vulnerabilities and go up to $8,000 for researchers who report a critical bug, provide a test case and submit a patch. On top of that, Google will offer up to an additional $30,000 for exploits that can compromise TrustZone or Verified Boot (and slightly smaller rewards up to $10,000 and $20,000 for attacks from installed apps and remote or proximal attacks).

Google believes the whole Android ecosystem will benefit from this vulnerability research, though. Given that the Nexus devices are the only ones Google has full control over — and that they run the company’s stock version of Android — it makes sense that the company would restrict this program to vulnerabilities that can be reproduced on these devices.

The new program is in addition to Google’s existing Patch Reward Program, which also includes the open-source foundations of Android. Bugs that qualify for this new program include vulnerabilities in the Android open source code, OEM libraries and drivers, the kernel and ARM TrustZone OS and modules.

Google says it has now paid out more than $4 million since the launch of its first bug bounty program in 2010. In 2014 alone, it paid out a total $1.5 million to more than 200 researchers.

Source

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...