Google Android Security's Top Bug Reward Payout Goes Unpaid

Google has released data on its most recent Android Security Rewards program. The company said Thursday that there were no payouts for the top reward for what it describes as "a complete remote exploit chain leading to TrustZone or Verified Boot compromise" -- the highest award amount possible.

Google did pay 115 individuals with an average of $2,150 per reward and $10,209 per researcher. The top research team, Core Team, got over $300,000 for 118 vulnerabilities reports. The company also paid 31 researchers $10,000 or more.

Overall, there were more than 450 qualifying vulnerability reports from researchers, and the average pay per researcher rose by 52.3%. The total Android Security Rewards payout doubled to $1.1 million dollars.

Since the rewards program launched, Google has rewarded researchers more than $1.5 million dollars.

Perhaps Google is getting better at protecting Android users. Apparently, no researchers have claimed the top reward for an exploit chain in two years. Each Android release gains more security protection. 



In March 2017, Google released the Android Security 2016 Year In Review report -- which details how it keeps at the present time, 1.4 billion devices running on the operating system safe. The report says that in 2016, more than 100 security researchers made public contributions to the security of Android, for a total of nearly $1 million in security rewards. 

Next story loading loading..