X

​Google pays $550,000 to people who found security holes in Android

For the Android Security Rewards program's second year, Google is significantly increasing reward payments.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
Google's Android mascot

Google's Android mascot.

Stephen Shankland/CNET

Google paid 82 people a total of $550,000 in the last year for finding security vulnerabilities that could let hackers compromise phones, tablets, cars and other gadgets powered by the company's Android software.

The company launched the Android Security Rewards program in June 2015 in an attempt to harden the software. Google offered up to $30,000 for vulnerabilities. Although nobody received that amount, one researcher called heisecode was paid $75,750 for 26 vulnerability reports, Google said in a blog post Thursday.

Security holes can be used obtain personal data and gain access to other computing systems. Even bug bounties from Google and other software makers aren't the only way to make money from vulnerabilities. The FBI reportedly paid less than $1 million for a hack that let it access an iPhone used by Syed Farook, a shooter in December's San Bernardino terror attack.

For the Android security bounty program's second year, Google raised reward levels in several cases. For the most complete type of Android takeover method, Google now will pay $50,000, up from $30,000.