2017 Android Security Rewards


Posted by Mayank Jain and Scott Roberts of the Android Security team

Two years ago, we launched the Android Security Rewards program. In its second
year, we’ve seen great progress. We received over 450 qualifying vulnerability
reports from researchers and the average pay per researcher jumped by 52.3%. On
top of that, the total Android Security Rewards payout doubled to $1.1 million.
Since it launched, we’ve rewarded researchers over $1.5 million.

Here are some of the highlights from the Android Security Rewards program’s
second year:

  • There were no payouts for the top reward for a complete remote exploit chain
    leading to TrustZone or Verified Boot compromise, our highest award amount
    possible.

  • We paid 115 individuals with an average of $2,150 per reward and $10,209 per
    researcher.

  • We paid our top research team, C0RE Team, over $300,000 for 118
    vulnerability reports.

  • We paid 31 researchers $10,000 or more.

Thank you to all the amazing researchers who submitted complete vulnerability
reports to us last year.

Improvements to Android Security Rewards program

We’re constantly working to improve the Android Security Rewards program and
today we’re making a few changes to all vulnerability reports filed after June
1, 2017.

Because every Android release includes more security protections and no
researcher has claimed the top reward for an exploit chain in 2 years, we’re
excited to increase our top-line payouts for these exploits.

  • Rewards for a remote exploit chain or exploit leading to TrustZone or
    Verified Boot compromise increase from $50,000 to $200,000.

  • Rewards for a remote kernel exploit increase from $30,000 to $150,000.

In addition to rewarding for vulnerabilities, we continue to work with the broad
and diverse Android ecosystem to protect users from issues reported through our
program. We collaborate with manufacturers to ensure that these issues are fixed
on their devices through monthly security updates. Over 100 device models
have a majority of their deployed devices running a security update from the
last 90 days. This table shows the models with a majority of deployed devices
running a security update from the last two months:

| Manufacturer | Device |
|---|---|
| BlackBerry | PRIV |
| Fujitsu | F-01J |
| General Mobile | GM5 Plus d, GM5 Plus, General Mobile 4G Dual, General Mobile 4G |
| Gionee | A1 |
| Google | Pixel XL, Pixel, Nexus 6P, Nexus 6, Nexus 5X, Nexus 9 |
| LGE | LG G6, V20, Stylo 2 V, GPAD 7.0 LTE |
| Motorola | Moto Z, Moto Z Droid |
| Oppo | CPH1613, CPH1605 |
| Samsung | Galaxy S8+, Galaxy S8, Galaxy S7, Galaxy S7 Edge, Galaxy S7 Active, Galaxy S6 Active, Galaxy S5 Dual SIM, Galaxy C9 Pro, Galaxy C7, Galaxy J7, Galaxy On7 Pro, Galaxy J2, Galaxy A8, Galaxy Tab S2 9.7 |
| Sharp | Android One S1, 507SH |
| Sony | Xperia XA1, Xperia X |
| Vivo | Vivo 1609, Vivo 1601, Vivo Y55 |

Source: Google, May 29th, 2017.


Thank you to everyone who helped make Android safer and stronger in the past
year. Together, we made a huge investment in security research that helps
Android users everywhere. If you want to get involved to make next year even
better, check out our detailed Program Rules. For tips on how to submit complete
reports, see Bug Hunter University.


Android Developers Blog
