Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.
The company made these changes to the Mobile Vulnerability Rewards Program (Mobile VRP) and they apply to what it describes as Tier 1 applications.
The list of in-scope apps includes Google Play Services, the Android Google Search app (AGSA), Google Cloud, and Gmail.
Google now also wants security researchers to focus on flaws that could lead to sensitive data theft and will now pay them $75,000 for exploits that don’t require user interaction and can be used remotely.
For exceptional quality reports that include a proposed patch or effective mitigation and a root cause analysis to help find other issue variants, the company will pay 1.5x the total reward amount, allowing researchers to earn up to $450,000 for an RCE exploit in a Tier 1 Android app.
However, they’ll get half the reward for low-quality bug reports that don’t provide:
- Accurate and detailed descriptions,
- A proof-of-concept exploit,
- Easy steps to reproduce the vulnerability reliably,
- A clear demonstration of the bug’s impact.
| Category | Remote/No User Interaction | Via link click | Via malicious app /with non-default config | Attacker on same network |
|---|---|---|---|---|
| Code Execution | $300,000 | $150,000 | $15,000 | $9,000 |
| Data Theft | $75,000 | $37,500 | $9,000 | $6,000 |
| Other Vulns | $24,000 | $9,000 | $4,500 | $2,400 |
“Some additional, smaller changes were also made to our rules. For example, the 2x modifier for SDKs is now baked into the regular rewards. This should increase overall rewards, and will make panel decisions easier,” Google information security engineer Kristoffer Blasiak said.
Google introduced the Mobile VRP last May to pay security researchers for vulnerabilities in the company’s Android applications.
The bug bounty program’s main goal was to speed up the process of discovering and fixing security weaknesses in first-party Android apps maintained or developed by Google.
“The Mobile VRP launched in May 2023, and after one year, it’s time to take a look back at what we’ve achieved,” Blasiak added.
“Most importantly, we received over 40 valid security bug reports, nearing $100,000 in rewards paid to security researchers.”
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
PetPivot Autoscooper 11 Open-Top Self Cleaning Cat Litter Box, Automatic Cat Litter Box for Multiple Cats with Trash Bags and Litter Mat Included, White
$179.99 (as of January 23, 2025 19:19 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Apple AirPods Pro 2 Wireless Earbuds, Active Noise Cancellation, Hearing Aid Feature, Bluetooth Headphones, Transparency, Personalized Spatial Audio, High-Fidelity Sound, H2 Chip, USB-C Charging
$185.07 (as of January 23, 2025 19:24 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Like-New Blink Outdoor 4 (4th Gen) – Wire-free smart security camera, two-year battery life, two-way audio, HD live view, enhanced motion detection, Works with Alexa – 2 camera system
$89.99 (as of January 23, 2025 19:19 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
DoHonest Baby Car Camera HD 1080P - Rear-Facing Car Baby Monitor with Night Vision, Adjustable View Angle, Easy Setup, Anti-Glare Display, Safety for Kids & Infants
$18.99 (as of January 23, 2025 19:24 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
