Bugs in Android can now make you Richie Rich as Google is ready to pay $40000 to find critical flaws in the OS
Want to get rich? Well, looks like it’s time to take out some flaws.
Google, the search giant, will start paying a reward of $40000 (£25600) to security researchers who find bugs in its Android devices. The bugs have to be found under the first extension of its “Bug Bounty Program” to its mobile OS. The company has also announced more about a new program to secure third-party software by nudging Android developers to avoid using out-of-date programming libraries in their applications.
According to Adrian Ludwig, lead of the Android security department, Google sees mobile becoming arguably the most important way people connect to the internet, and one that provides two-factor authentication as well. The root of trust lies in the way that users interact and is the reason most security research is still focused on legacy systems. Google has taken a step to change that by incentivizing security researchers to focus their energy on mobile. The new scheme, currently named Android Security Reward (ASR), follows the success of a similar program for the Google Chrome browser. The company paid security researchers more than $1.5 million in 2014 for this purpose.
The plan to scan Android apps for software libraries that could pose a security threat was adopted in 2014 and will now be rolled out beyond its experimental introduction. As part of the scanning of apps, the company plans to look not just for intentionally bad behavior but also for mistakes in the overall system. A really obvious example of what the team is looking for is an old version of OpenSSL. Starting about a year ago, they began scanning apps and notifying developers if they had made that sort of mistake. An advertisement was also quoted as saying: “Our goal is to get to the point where there’s a common baseline. We want to put structures in place to help developers update their apps, so the quality of all apps rises.”
Vulnerabilities affecting two of the company’s Android OS devices, the Nexus 6 and Nexus 9, will have to be claimed by the developers. This may be mainly due to the company’s inability to identify and verify bugs in its own devices or in manufacturers’ additions, given the fragmentation of the Android market. Rewards vary on a sliding scale. They range from $500 for a minor bug to $38000 for a severe vulnerability submitted alongside a proof-of-concept remote exploit and a method to fix the issue. “Our goal is that this could be a full-time research and a very well-paid opportunity,” says Ludwig.
To fix this, the company has introduced a Google security scheme called Project Zero for its practice of releasing proof-of-concept exploits for other companies’ devices. It identifies previously unknown vulnerabilities and discloses them to manufacturers with a time limit of 90 days to fix them.