Google launches program that pays hackers to hunt down Android security flaws

BY GreenBot Staff

Published 16 Jun 2015

Android has an image problem. People think it’s unsafe, that it’s dangerous to use. It doesn’t help that its competitors perpetuate that idea. Despite all that Google has done over the years to dispel this myth, Android still gets a bad rap.

That kind of publicity isn’t good for business, which is why the company has announced a program that calls on hackers, security researchers, and developers to help find security flaws in Android.

It’s called the Android Security Rewards program, and it will reward those on the outside of Google headquarters who invest their time and efforts to help make Android more secure. In exchange for reporting security vulnerabilities and things of the like, Google will provide monetary rewards and public recognition.

Why this matters: While the program is a great way for developers and researchers to make some extra cash, it’s also an opportunity for Google to show Android users that it’s pulling out all the stops to ensure a safe and vulnerability-free mobile OS.

ying to find problems, fix them

“In many ways, we’re more interested in solutions than we are in the bugs,” said Adrian Ludwig, lead engineer for Android security. “We’ve constructed our program slightly different than other programs. We’re paying a little bit for bugs, then we pay the same amount for people who write handfuls of lines of code.” The reward level is based on the severity of the reported bugs, but it goes up if the entrant offers a thorough report card with information on how he reproduced the code, what he did to test it, and how he patched it up.

The Android Security Rewards program isn’t a new concept. Google’s launched a similar program for Chrome OS and other properties in the past. In total, the company has paid out over $4 million in reward cash to hundreds of researchers. “The basic model is that when someone reports an issue to us, we confirm that it’s a real issue,” explained Ludwig. “As soon as we confirm that it’s a real issue, we will have them register as a supplier. They go ahead and register, then we pay them out, and that will happen almost immediately.” In the interim, Google will work on producing that patch and getting it out to OEMs to ensure that devices are up to date.

The program may not completely eliminate the negative stereotype Android has in other circles, but at least current Android users can rest assured Google is heavily investing in this part of the platform. “I believe, for most people, their phone is the most trustworthy [device] that they have,” said Ludwig. “We want to make sure that that’s true forever—that they can always have that kind of confidence in it.”

He added that this is also an opportunity for hackers to dispel the idea that all hacking is bad. “For a normal user—normal human—there’s a mythology around hackers that they’re trying to do bad things. In many ways, the security rewards program taps into that—that a hacker can do the right thing rather than the wrong thing and make a living.” It’s a win-win situation: cash and acknowledgement for the tinkerer, a safer Android for the rest of us.

Currently, the program only applies to Google’s Nexus 6 and Nexus 9 devices running Android 5.1.1 and up. As for the older devices, Ludwig said that Google wanted to focus the developer efforts on devices you can actually grab in the Play Store. However, the program will not apply to Android Wear, Nexus Player, or Project Tango devices either. Developers and researchers who are interested can check out Google’s blog post on the program for more details.