Find a remote vulnerability chain or crack TrustZone, Verified Boot remote loopholes, you can get $ 200,000 bonus, compared with the previous $50,000 four times. Found that the remote kernel vulnerability of people can get $ 150,000 prize money, after $30,000. Want to get these bonuses? As long as the crack to find Android vulnerabilities can be.
Since the launch of the Android Security Rewards program, Google has paid $1.5 million in prize money to security researchers. The company today announced data on the project, which received 450 qualifying reports from researchers last year. In 2016, the average reward for each researcher increased by 52.3% to $1.1 million.
It is foreseeable that Google’s reward is expected to continue to increase, especially if someone found the above two loopholes. Google apparently hopes that this will encourage security researchers to spend more time trying to crack their mobile operating system. In May, Google claimed that the number of Android devices activated by more than 2 billion, the company needs a variety of help to protect these users.
In addition to the existing internal security projects, the Vulnerability Reward Program is a very effective solution. They help not only encourage individuals or hackers to find loopholes, but also direct them to deal with loopholes, rather than malicious use of these loopholes or sell them for profit.
But the loopholes reward program is just a small piece of Google security puzzle. Google today also announced a small-scale upgrade of its latest security strategy in order to be able to cooperate with Android manufacturers more closely. Over the past 90 days, Google has deployed more than 100 device models to run security updates. In addition to looking for vulnerabilities in Android, Google is also trying to fix them, including monthly security updates.