Today a year ago Google launched Android Security Rewards Program, as its English name suggests it is the program of rewards in which Google will pay the people who discover new vulnerabilities in the operating system, and on the occasion of its first anniversary, Google has made a review of all data obtained during these 12 months.
In a year, more than 250 vulnerabilities have been reported by researchers, which helped to make the safest Android operating system. More than one third of the vulnerabilities were reported in the media server that has now been hardened in Android N to be more resistant to vulnerabilities.
More figures from the first year of Android Security Rewards
For those more than 250 vulnerabilities, Google has had to pay more than $550,000 to 82 researchers He discovered them. This means that Google has paid 2,200 dollars per vulnerability and 6,700 dollars for researcher.
The best researcher has been @heisecode, that by its 26 reported vulnerabilities has pocketed in a year 75.750 dollars. Google has also paid to 15 researchers more than 10,000 dollars to each.
Improvements in Android Security Rewards Program
To encourage researchers to find vulnerabilities in Android has raised the price some of their rewards. The reward of critical vulnerabilities with proofs of concept goes from $3,000 to $4,000. If the researcher offers the Google patch will pay $6,000 in total.
The rewards that are possible remote attacks and affecting the kernel of the system going up the $20,000 to $30,000. Finally, the remote exploit affecting TrustZone or Verified Boot going up the $30,000 to $50,000.
Google wants Android is the operating system more secure in the world by money that cost. This rewards program is the best way to encourage researchers or hackers to find your vulnerabilities.