Bounty Bucks For Android

Google’s security rewards program, which has handed out millions of dollars to researchers who found bugs in Chrome and other Google products since 2010, has now been extended to include the largest member of its product family: the Android operating system.

Android security engineer Jon Larimer said:

Today, we're expanding our program to include researchers that will find, fix, and prevent vulnerabilities on Android, specifically.

Google says the new Android Security Rewards Program will only cover vulnerabilities affecting the latest version of Android running on its own Nexus 6 smartphone and Nexus 9 tablet for now, but the list of eligible devices will change over time.

I hope Google will include older versions of the Android operating system or, better yet, encourage its partners to push out more timely updates in the future; otherwise, any security benefits derived from this bug bounty program will only be enjoyed by a minority of customers.

The primary resource for the Android bug bounty program is Google's page on Android Application Security, listing the scope, rules of engagement, and payouts. At present, the Android Security Rewards Program covers bugs in code that runs on eligib.

To claim a bounty under the new program, researchers will need to discover bugs on one or both of the eligible devices that are not already covered by any of Google’s other reward programs. The rules state:

Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS.

Rewards

Larimer said the program will pay out larger rewards to those who go beyond simply discovering a vulnerability, handing over larger piles of cash in return for tests and patches that will help to make the entire ecosystem more robust.

The largest possible rewards will go “to researchers that demonstrate how to work around Android’s platform security features, like ASLR, NX, and the sandboxing that is designed to prevent exploitation and protect users.”

Researchers submitting a bug can expect to earn anything up to $2000 (about £1200), depending on its severity level. By also submitting test cases, unit cases and AOSP (Android Open Source Project) patches, that reward could rise to as much as $8000 (about £5000).

If an exploit is able to compromise the kernel, TEE (TrustZone) or the Verified Boot process, the potential bounty could rise to between $20,000 and $30,000 (about £12,000 – £19,000).

Google suggests a reasonable disclosure deadline of 90 days, which matches the timescale its own Project Zero team adheres to when reporting Android bugs. The company says any researcher publicly revealing new bugs before the 90-day period is up will be unlikely to receive a reward, but it will consider each case on its own merits.

Non-AOSP issues will continue to be dealt with by the Google Vulnerability Reward Program while vulnerabilities in Chrome will be handled by the Chrome Rewards program.

Vulnerabilities which revolve around tricking the user or eliciting complex interaction, such as phishing attacks, tap-jacking or a reliance on unlikely configuration changes, are unlikely to qualify for a reward. Bugs that do nothing more than cause an app to crash will also be excluded from the program.

Android, Larimer said, will continue to participate in Google’s Patch Rewards Program, which pays for contributions that improve the security of Android (as well as other open source projects). Google will also continue to support Mobile Pwn2Own, as it has done for the last 2 years, as well as other competitions designed to find vulnerabilities in Android.

Wrapping up, Larimer said:

Open security research is a key strength of the Android platform. The more security research that's focused on Android, the stronger it will become.
