Android, as we all know is the most used operating system in the world with billions of devices and new unique users joining every day. But unlike windows or other popular operating systems like Apple’s iOS, android is completely open source, meaning anyone can access the source code of android and can modify it to their liking and even create awesome custom ROMs with more features than the official version of android.
Disadvantages of being open to everyone
Though being open source sounds cool and is useful in many ways, as they say every coin has a flip side and the flip side of Android operating system being open source is the fact that along with adding new features and fixes, anyone can also bring security issues to Android by injecting some kind of malware or ransomware.
We all know what happened with the Wannacry Ransomware which shook the entire world and the latest Judy Malware which affected over 35 million android devices specifically.
Even though Google was reported of this issue and it immediately took down the apps responsible for this attack from the play store, it was still too late.
The Android Security Rewards Program
So, Google as it always does, came with an elegant and an interesting solution to increase the rewards of its Android security Rewards Program. The Android Security Rewards Program was launched in 2015 and Google has been giving away exciting rewards and cash prizes to people who identify and report security vulnerabilities.
The rewards were based on the severity of the bug and more recognition were given to security researchers who came with an entire report with information about the issues, the code and the patches to solve it.
Google says that it has received over 450 vulnerabilty reports since then and the average pay per security resaercher have increased by 52.3%. The most important thing to notice is that Google has rewarded over $1.5 million to security researchers in the past two years and has planned to encourage them more by setting the bar a little more high.
The exciting increase in the reward amount
Starting from June 2017, Google is increasing the rewards for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise from $50,000 to $200,000 and Rewards for a remote kernel exploit from $30,000 to $150,000.
These rewards are more than three times they were before and this is much more exciting and satisfying to those security researchers who work constantly to make android more secure and thus making the world a safer place to live and protected from malwares like Judy in the future.
You can see the rules for the Android security rewards program here, along with what kind of reports are valid and what is the exact procedure for sending the reports to Google and receiving the reward.