Monday , October 23 2017

Google paid out $200,000 for Android vulnerabilities in 2015

android-security
Google is quite security conscious, having operated a bounty program for security vulnerabilities affecting their products since 2010. Google has today launched a summary of their 2015 year in security rewards for these programs and Android security researchers made out pretty well.

Last year the company introduced a security bounty program for Android and it seems that Android security researchers dove in with both feet taking home $200,000 in payments. Of that total, Google paid $37,500 to one researcher alone.

Security Rewards 2015

Google’s bounty program covers other products like Chrome and combined with the Android vulnerability program, Google paid out over $2 million in 2015. Researchers from all over the world participated in the bounty program, with Google specifically mentioning researchers in Great Britain, Poland, Germany, Romania, Israel, Brazil, United States, China, Russia and India.

The most prolific security researcher was Tomasz Bojarski who found 70 bugs on Google in 2015, including a bug in their vulnerability submission form. Other notable researchers include former Googler Sanmay Ved, who was able to buy google.com for one minute on Google Domains. Sanmay received $ 6,006.13 (squint a bit and it looks like the word Google) but Google doubled this when he donated the reward to charity.

2015 was a massive year for Google and Android in particular in terms of security. It was the year we saw Google begin issuing monthly security patches and bulletins for Android devices – and most OEMs have begun releasing updates for their phones with these updates built-in.

It’s not perfect yet, but Google is doing their best to supply the tools, we just have to wait for the OEMs to get their collective security butts in line.

 
Source: Google Security blog.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Be the First to Comment!

avatar
wpDiscuz

Check Also

Looking for a VPN solution? Trust.Zone VPN has you covered with endpoints in 32 countries

If you’re a seasoned internet user, you’ve probably heard something about VPNs, and chances are …