Android Security Rewards Program launched by Google


Android Security Rewards Program

Android Security Rewards Program announced by Google

Google introduced this week Android Security Rewards Program, which is more or less similar to the annual Pwn2Own hacking competition Google organizes in order to squash bugs and fix whatever vulnerabilities people find within the Chrome OS / Browser. Sure, the rewards are not even close to the prize pool Pwn2Own competion has to offer to its contestants, but the main goal is more important, which is to find security vulnerabilities in the latest available Android versions for Nexus smartphones and tablets now on sale via Google Store in the United States of America.

The first two Nexus handsets included in the Android Security Rewards Program are the Nexus 6 and Nexus 9 and will continue to grow as Google will announce new devices in the coming years.

Google Inc says “the reward level is based on the bug severity and increases for higher quality reports that include reproduction code, test cases, and patches. We’ll reward up to 1.5x the base amount if the bug report includes standalone reproduction code or a standalone test case (e.g., a malformed file). If the bug report includes a patch that fixes the issue or a CTS test that detects the issue, we’ll apply up to a 2x reward modifier. If there is both a CTS test and a patch, there’s a potential 4x reward modifier. Keep in mind that submitted CTS tests and patches must apply cleanly to AOSP’s master branch and comply with Android’s Coding Style Guidelines to be eligible for these additional reward amounts.”

The base reward amounts for vulnerability severity are typically:

  • Critical – $2,000
  • High – $1,000
  • Moderate – $500

For further details hit the source link below.