This morning, Google introduced the Android Security Rewards program, aimed directly at making Android a safer platform for all users. As of this moment, Google is specifically looking for vulnerabilities affecting the Nexus 6 and Nexus 9, and if you happen to find something, you could get paid quite handsomely.
Unfortunately, you won’t become a millionaire overnight by helping Google find and squash bugs, but if you find a critical bug, you could see up to $2,000, and even more cash — up to $8,000 — if CTS tests and patches go through cleanly. That’s a nice little chunk of change.
Here are some details about the new Android Security Rewards program.
- For vulnerabilities affecting Nexus phones and tablets available for sale on Google Play (currently Nexus 6 and Nexus 9), we will pay for each step required to fix a security bug, including patches and tests. This makes Nexus the first major line of mobile devices to offer an ongoing vulnerability rewards program.
- In addition to rewards for vulnerabilities, our program offers even larger rewards to security researchers that invest in tests and patches that will make the entire ecosystem stronger.
- The largest rewards are available to researchers that demonstrate how to work around Android’s platform security features, like ASLR, NX, and the sandboxing that is designed to prevent exploitation and protect users.
If you happen to work in the security field, follow the via link below to learn everything you need to know to get started.