Google is known for rewarding its fans and developers who find and provide fixes to its Android operating system. Through its reward system, Google ensures that bugs are found and dealt with accordingly. Through its open-source nature, Android provides a lot of potential for both development and hacking.
The Android Security Rewards has been made for developers to submit any code that won’t fall into other rewards program covered by Google. The company is interested in AOSP, OEM, kernel and TrustZone OS bugs, but firmware bugs can also be submitted if they pose a potential security risk for the Android OS.
The new rewards program currently covers only two devices, namely the Nexus 6 and Nexus 9, but Google says it will add more in the future. Bugs that qualify for the latter devices should fall into the moderate, high or critical area, so if you find a complex bug or just a text misspelled wrong, they won’t qualify.
As far as rewards are concerned, Google offers between $500 and $2,000, depending on the bug severity and how well it is documented and/or patched. For example, Google will reward anyone who submits a critical bug, the patch and CTS test with up to $8,000. Also, Google offers a larger sum of money for functional bugs as follows:
- An exploit or chain of exploits leading to kernel compromise from an installed app or with physical access to the device will get up to an additional $10,000. Going through a remote or proximal attack vector can get up to an additional $20,000.
- An exploit or chain of exploits leading to TEE (TrustZone) or Verified Boot compromise from an installed app or with physical access to the device will get up to an additional $20,000. Going through a remote or proximal attack vector can get up to an additional $30,000.
If you like a challenge that would potentially bring you a lot of cash, you can head over to Google’s Android Rewards page here and see more details.