Google Now Pays Researchers to Find and Fix Bugs in Android
Google has prolonged its Security Reward Programs to comprise researchers that find, fix, and prevent vulnerabilities particularly in the Android. It is called it the Android Security Rewards program.
With introduction of the program, Google will be encouraging developers or any user to find bugs or errors in the company’s OS, which in-turn will result in the more secure Android operating system. Like its Chrome security bug programme, the Android Security Rewards Programme will also pay users who find, fix, and prevent vulnerabilities on the Android OS.
The company blog post mentions that the program will initially let users start with the Nexus devices on sale via Google Play in US (currently Nexus 6 & Nexus 9). The company will pay for each step necessary for fixing the bug, including the patches and tests. The firm is also looking to make the entire Android ecosystem more secure, and promises larger rewards to those developers. Google said in the post that In addition to rewards for vulnerabilities, our program offers even larger rewards to security researchers that invest in tests and patches that will make the entire ecosystem stronger.
As a part of program rule, Google would be categorising the vulnerabilities in 3 levels – Critical, High, and Moderate and would be rewarding the users based on the same. As the users who find significant bugs or errors would receive $2,000 or Rs. 1.28 lakhs, the high and moderate bug or error finders would receive $1,000 or Rs. 64,000 & $500 or Rs. 32,000 respectively. Also, it will be up to Google to decide the “eligibility” of the bug after the details are disclosed to them. For more information, the users can view the program’s FAQ page.
The vulnerabilities covered by the Android Security Rewards include bugs or error in AOSP code, OEM code or libraries and drivers, the kernel, and the TrustZone OS and modules. the FAQ page says that Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, might be eligible if they crash the security of the Android OS.
Google says that the largest rewards would be given to researchers who will show how to work around Android’s security features including ASLR, NX, and the sandboxing. The search giant said it would also continue to pay for users who contribute in making the Android’s security stronger via the Patch Rewards Programme and the mobile
Photo credit : http://media2.fdncms.com/sfweekly/imager/former-google-engineer-claims-she-was-sexu/u/original/3462287/go.jpg
Another nice move by Google.