Being the most popular mobile operating system on the planet, along with being Open-Source, Android now is occupying more and more devices. Security on all of these is a primary concern that needs to be addressed.
There’s a popular misconception that open-source software is prone to vulnerabilities. However, it should be noted that open-source software are among the fore-runners which have quick bug-fixes and patches available for any software vulnerability.To help reward the contributions of security researchers who invest time and effort in finding such bugs, and helping them get patched quicker, Google has announced the “Android Security Rewards” program for security vulnerabilities discovered in the Nexus 6, and Nexus 9 devices currently being shipped. Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS. It may be noted however that bugs and vulnerabilities in the kernel are faster patched by custom kernel developers.
Bugs found in custom ROMs however aren’t eligible for any bounty.
Even if you are not in it for the money, you could very well choose to donate the amount to a charity, in which case, Google will double your bounty!
So, either ways, good is done! 🙂
Android grows secure by the day, thanks to rewarding programs by Google; similar to Chrome’s pre-existent Bug Bounty program. Thanks to programs such as these, which provide public recognition, as well as monetary rewards, we have more and more hackers like “Pinkie Pie” who disclose these vulnerabilities to the right people helping us keep our security, and them, their reputation.