Android Offering Up To $40,000 for Bugs in Code

Cracked Broken Smashed Phone ScreenGoogle has extended its bug bounty program to the Android operating system for the first time, offering security researchers rewards of up to $40,000 (£25,600) for reporting bugs in the code of its Nexus devices.

The program covers any security vulnerabilities discovered in the latest version of Android for Nexus phones and tablets (specifically the Nexus 6 and Nexus 9, although this may expand over time).

The scheme, called Android Security Rewards, offers cash rewards to researchers based on the severity of the flaw they discover, and if they are able to help solve it. A similar program for Googles Chrome browser paid out over $1.5m to security researchers in 2014 alone.

Alongside the announcement, Android also introduced a program aimed at ensuring the security of third-party software for Android by encouraging developers to stop using programming libraries with out-of-date information in their applications.

“We see mobile becoming arguably the most important way people connect to the internet,” said Adrian Ludwig, lead for Android security at Google in an interview with The Guardian. “Were seeing it providing two-factor authentication, as well, and the root of trust in the way users interact.

“Most security research is still focused on legacy systems. Were trying to move that, by incentivising security researchers to focus their energy on mobile. Our goal is to get to the point where theres a common baseline. We want to put structures in place to help developers update their apps, so the quality of all apps rises.”