Google has announced that it has paid more than $3 million through the Android and Google Play Security Awards program. The money is spent on researchers who help Google find vulnerabilities, and this makes the entire ecosystem safer. Google pays different amounts of bonus based on the weakness and the level of repair.
The Android Security Awards have just entered its third year, during which time a total of 470 eligible vulnerability reports were received. Google said that the average salary of each researcher has risen by 23% and about $1 million a year. According to Google’s data, ASR occupies most of the $3 million in prize money.
In this year’s Android security rewards, there are mainly the following highlights:
- There were no payouts for our highest possible reward: a complete remote exploit chain leading to TrustZone or Verified Boot compromise.
- 99 individuals contributed one or more fixes.
- The ASR program’s reward averages were $2,600 per reward and $12,500 per researcher.
- Guang Gong received our highest reward amount to date: $105,000 for his submission of a remote exploit chain.
But in another Google project, Google Play Security Rewards, ASR’s activity is not that high. The project aims to encourage security research on favourite Android apps on Google Play. So far, researchers have reported more than 30 vulnerabilities through this project, winning a total of more than $100,000 in prize money.