Google is now broadening the scope of its bug bounty program to cover flaws in its Android devices sold via Google Stores in the US, namely the Nexus 6 and Nexus 9. The company says more devices will be included in the future, though for now the bug bounty program will focus solely on the Nexus 6 and Nexus 9.
“Android Security Rewards covers bugs in code that runs on eligible devices and isn’t already covered by other reward programs at Google. Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS,” explains Google in a blog post.
Bounties vary depending upon the severity of the issue, with base rewards starting at $500 and going as high as $8000 for a critical bug. Google will reward only the first person who reports a particular bug, provided he/she gives a test case and submits a patch.
In cases where bugs can lead to the kernel being compromised, Google is ready to offer an additional bounty of $30,000. Google says this reward can go much higher in the case of ‘unusually clever or severe vulnerabilities’.
This new bounty program is separate from the company’s existing Patch Rewards program. Google touts that since the launch of its first bounty program in 2010, they’ve awarded over $4 million to researchers. In 2014 alone, Google claims to have awarded a total of $1.5 million to more than 200 researchers.
Google has been trying hard to keep its security measures up to date to protect its devices from malware-ridden apps. Moreover, owing to its popularity, Android, apparently found on four out of every five smartphones in the world, has become a hotbed for malware developers. The CEO of Kaspersky Labs recently said in an interview that both Android and iOS are the preferred targets for developers as well as hackers owing to their popularity.
In addition, Google has other issues to take care of as well. A recent report suggested that the NSA was targeting the Play Store to deliberately add spyware to target devices. The NSA has repeatedly been accused in the past of unethical practices in matters concerning national security and of gross surveillance practices.
For more information about the new bug bounty program, interested users can head over to the source link at the bottom of the page.