Reward amounts vary depending on the severity of the bug, as well as the type of report that is filed when identifying them.
The highest values are paid for full reports that include a high-quality proof of concept that plays on a recent version of Android. To report incidents within the Android ecosystem as well as obtain more technical details about it, you should enter here.
It should be noted that according to the latest statement published by Google, total expenses on Android doubled in 2021– Nearly $3 million in bounties, with the highest payout of $157,000 – the largest ever – paid out to researchers who spotted the critical exploit chain CVE-2021-39698.
On the other hand, researchers can also be part of the experimental vulnerability research grant program, a scholarship system for those who wish to analyze in detail the safety of their products and services. To sign up for this program you must enter here.
Grant amounts ranging from USD 500 to USD 3,133.7, depending on the type of incident reported. Six years after the launch of this initiative, Google assured that in 2021 it awarded more than $200,000 in aid to more than 120 security researchers around the world.
Android Chipset Security Rewards
He also highlighted that in 2021 launched an Android Chipset Security Reward Program (ACSRP)a vulnerability bounty program offered by Google in collaboration with the manufacturers of these Android-developed components.
This is a private project that those interested can only join by invitation. Total, ACSRP paid more than $296,000 for more than 220 reports valid security measures to these researchers.
For its part, Chrome VRP has also posted record numbers, as 115 researchers from this vulnerability program were rewarded for 333 unique reports of security bugs.
Big Hunting Community
Last year, the company launched the Google Bug Hunting Community, a public research portal aimed at keeping Google products (Android, Chrome, and Google Play) and the Internet safe and secure.
It is an open platform with a single security form that allows users and researchers to report security bugs. and offers interactive opportunities through games and leaderboards by country, among others. To be part of this program you have to enter here.
Those interested in reinforcing their learning in this aspect can access the available content Bughunter University, a space that includes recommendations and tricks to detect these problems.