Did you find a security flaw on Android? Quickly report it to Google! The firm could indeed offer you up to 200,000 dollars: a record sum that just quadruples in the face of the few reports. In two years, Google deplores in fact 0 reports of researchers or hackers for truly critical flaws. In addition, the price for the discovery of kernel exploits also passes from $ 30,000 to $ 150,000.
Google pays quite generously hackers who tell it how they managed to break the security of Android. The price is particularly high when it comes to a critical security vulnerability that gives access to TrustZone or bypasses the Verified Boot for example. And drop slightly when hackers manage to find a feat in the kernel (the Linux kernel) of Android. But since the two years of the Android Security Rewards program, no one has yet claimed these prices.
Android: Did you find a security flaw? You may be able to pocket up to $ 200,000
So, to spark the appetite of hackers from all over the world, Google decided to quadruple the bet. Finding a critical flaw will thus be rewarded for $ 200,000 against $ 50,000 previously. The discovery of a feat of the kernel will be awarded $ 150,000 against 30,000 “barely” before the increase. Anyone (or almost anyone) can claim these sums: just know how to bypass an Android security mechanism, and explain to Google your method.
But do not think it will be easy either: the Android system becomes over time and security updates, less and less easy to hack. This program and these substantial amounts must allow Google to continue this momentum. In addition, this program is only part of Google’s strategy to make the 2 billion smartphones running Android more secure. Google is working more and more closely with manufacturers to increase the frequency of security updates.
The aim is, eventually, to achieve a pace of a monthly update on all devices. Because obviously finding the faults is very good. Fix them on all the Android smartphones on the planet, it’s even better