Google starts an Android bug bounty

Google Announces Android Security Rewards

Fancy a cool $40,000? That's the most Google will pay if you disclose a new critical flaw in Android. Also, in recognition of the many weaknesses being found in older libraries, they have announced a program to discourage developers from using them.

Naturally, there are a few conditions. For a start, the flaws must be found in the current Nexus device lineup. That's not too surprising, since those are the only "pure" Android devices in the wild which Google directly controls. They are in effect saying the carriers are responsible for any non-core Android bugs.

Android Security Rewards

The initiative is called Android Security Rewards. “We see mobile becoming arguably the most important way people connect to the internet,” said Google’s Adrian Ludwig, the lead of Android security. “We’re seeing it providing two-factor authentication, as well, and the root of trust in the way that users interact.”

The emphasis on not using legacy code addresses recent vulnerabilities such as the Heartbleed OpenSSL bug.

The reward program can be quite lucrative. In November 2013, $50,000 was paid under a similar program running for Chrome.

Get stampin', folks!