Google extends vulnerability bounties to Android

Android logoGoogle's "Vulnerability Reward Program" has been incentivizing people to report security bugs to the tech giant for its Web services, apps, extensions, Chrome, and Chrome OS for some time now. Today the company announced that it's extending the cash-for-bugs program to its biggest operating system: Android.

The program doesn't cover any Android device, just new devices that Google is 100% responsible for: current, for sale, Nexus devices. For now, that means the Nexus 6 and Nexus 9. Google says that this "makes Nexus the first major line of mobile devices to offer an ongoing vulnerability rewards program."

Google extends vulnerability bounties to Android

Google will pay researchers not only for bug disclosures—it offers additional rewards tiers for test cases submitted with the bug, CTS tests that catch the bug, and AOSP patches that fix the bug. "CTS" is Android's "Compatibility Test Suite," the continually updated battery of tests all devices must pass in order to gain access to the Google Play Store. CTS tests ensure that a device and its software are Android-compatible and free of known vulnerabilities, ensure platform API correctness, and follow Google's mandatory (and minimal) UI practices for readability and consistency.

Google pays anywhere from $0 to $2,000 for a bug submission, depending on the severity level, and when combined with test cases, unit tests, and AOSP patches, offers a max payout of $8,000. In addition to the reward levels, there are also huge bonuses available if you compromise the kernel, TEE (TrustZone), or the Verified Boot process. For the worst possible scenario of remotely compromising TrustZone or Verified boot, Google is offering a $30,000 reward.

Google says it paid "more than 1.5 million dollars" to security researchers last year under the bug bounty program. The company is also a sponsor of the annual pwn2own hacking competition and plans to support other Android vulnerability contests in the future.

Source: Ars Technica

Tags: Android, Google, OSes

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Galaxy Note10 really is built around a 6.7-inch display
 
You may still be able to download your content
 
Facebook, Messenger and Instagram are all going away
 
Minimize apps to a floating, always-on-top bubble
 
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
 
The 2001 operating system has reached its lowest share level
 
The entire TSMC 5nm design infrastructure is available now from TSMC
 
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
1234567
891011121314
15161718192021
22232425262728
293031    




Poll

Do you use microSD card with your phone?
or leave your own version in comments (15)