Some very cool but concerning news coming out from Google today as the company said it paid out over $3 million to researchers in 2016. These researchers were looking for bugs and other vulnerabilities in the Android platform, and then passed on this information to Google technicians. Continue reading to learn more about the bug bounty program Google put out for Android, and what this means for the operating system.
Android Vulnerabilities Led to $3 Million Payout in 2016
You might have seen before a company putting out a possible reward if you hack into their program or if you find issues with their program and let them know. Google has a program like this called the Vulnerability Rewards Program. This program basically is where researchers are put up to the challenge to find bugs and vulnerabilities in various Google products. Google has been verifying bugs by itself for six-years, which is pretty amazing. A lot of other companies hire third-party platforms to run these bug bounty programs, but not Google.
Google has paid out over $9 million since 2010 when the company began the bug bounty reward program. A couple years ago, back in 2015, Google paid out $2 million to researchers that were finding bugs and alerting the company. Google sometimes even expands out this program for other products, like Nest and OnHub. Microsoft, Apple, and Facebook also have these types of bounty programs available.
2016 was the first time that Android was on the Google bug bounty program for the entire year. Just within the first full year that Android was a part of this program, researchers found enough vulnerabilities and bugs to wind up with $1 million in rewards. In 2015, researchers only earned around $200,000 from finding and reporting the Android bugs. This in part was because Android came onto the Google bounty program late into the year, as it did not become part of the program until June 2015. As far as Chrome goes, Google paid out about $1 million to the researchers that were finding bugs and issues in Chrome as well. Chrome has a Chrome Vulnerability Reward Program as well, so the researchers have plenty of ways to make money by finding bugs in various Google platforms.
Google is trying to make Android more secure and fix all of these vulnerabilities that keep persisting on the operating system. Google even puts out memos to acknowledge those researchers that have helped find bugs and issues in the operating system. The main thing for Google is trying to make the system more secure, so it is relying on researchers to help them find the bugs and vulnerabilities. Google even started monthly security bulletins for Android, which allows you to see patches for your Android device. The monthly bulletin is all about encouraging manufacturers to continue regular updates as well.
So far there have been over 1,000 individuals that have received money as part of the rewards programs. There have been over 350 researchers from 59 different countries that have participated in the programs as well. All told, there are three different rewards programs from Google in which both researchers and individuals can contribute to. Individually, the biggest reward was $100,000 which is pretty nifty. Google even donates money to charities as well as part of the program. Sometimes Google will even send out a challenge, such as trying to hack into a computer system or Android device.
Last year, Google wanted someone to try to hack the Chromebook in guest mode. Oddly enough, the reward for this was $100,000, although Google did not say what the individual biggest payout was for we can guess it might have been this challenge. You too can get in on these bounties if you are tech-savvy enough, and you might get reward money as well if you have an Android device.