During the past year, Google paid more than half a million dollars to researchers who identified flaws in its mobile OS. In fact, the Android Security Rewards program has been so successful that Google increased related bug bounties. A year ago, Google announced an extension to its Google Vulnerability Rewards Program geared specifically at the Android mobile OS. Called Android Security Rewards, the initiative is designed to incent crafty coders (Google employees and non-employees) to pound Android for potential vulnerabilities, and then get paid for their efforts — assuming they find bugs. Google’s pay scale for the program varies based on the severity of flaws identified, but during the past year, Google says it paid out upwards of $550,000 to more than 82 individual researchers, for an average of $2,200 per reward and $6,600 per researcher. One individual cashed in to the tune of $75,750 for 26 different vulnerability reports, according to Google, and 15 separate researchers made more than $10,000 each. (A third of the more than 250 flaws identified related to Android’s Media Server component, and a list of people who successful identified bugs and submitted reports is available on Google’s site.) Android Security Rewards is meant specifically to combat flaws in Google’s own Nexus-branded Android devices, and it doesn’t necessarily impact other Android gadgets that may not suffer from the same vulnerabilities. However, the company says “more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project. Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms).” Evolution of the Android Security Rewards program Google so far considers the program a success, and last week it bumped up the bounty it pays for Android bugs. Google says it will now pay 33 percent more for a “high-quality vulnerability report with proof of concept.” A critical vulnerability report with a proof of concept, for example, now pays $4,000 instead of $3,000. High-quality vulnerability reports with proof of concepts, Compatibility Test Suite (CTS) Tests, or a patch will receive 50 percent more money. Google boosted its reward for a remote or proximal kernel exploit from $20,000 to $30,000. And finally, remote exploit chains or exploits that lead to TrustZone or Verified Boot compromises now pay $50,000, up from $30,000, according to Google. (During the past year, Google didn’t payout this top reward for a complete remote exploit chain that led to such a TrustZone or Verified Boot compromise.) The program also inadvertently spotlights third-party Android device makers’ ongoing struggles to release timely security updates, a result of Android fragmentation. While Google can work to immediately find fixes and distribute them to its Nexus phones and tablets, third-party original equipment manufacturers (OEMs) must often perform rigorous software tests and receive carrier approval before releasing updates. In March, BlackBerry called out its Android rivals for slow security software updates, claiming it distributes patches faster than any other Android OEM. You can learn more about Android Security Rewards on Google’s development site. AS Related content opinion Tom Brady's pricey PJs pack 'recovery tech' for athletes Under Armour's new TB12 pajamas aren't cheap, but they promise to rejuvenate your body after workouts. And they just might work, according to a study from the U.S. National Institutes of Health. By Al Sacco Jan 05, 2017 2 mins Health and Fitness Software Wearables Consumer Electronics opinion Budweiser 'smart' beer fridge encourages drinking on the job The new 'Bud-E Fridge' IoT smart refrigerator automatically orders more beer for you and your coworkers when supplies get low, and it's available for a limited time for free, if you're located in Chicago, New York or Los Angeles. By Al Sacco Dec 06, 2016 2 mins Media and Entertainment Industry Internet of Things Consumer Electronics opinion Why Samsung should release a Note 8 Samsung denies reports that it's planning to release another Note smartphone, but it would be a major misstep for the company to do away with what is perhaps its most important smartphone brand. Here's why. By Al Sacco Oct 26, 2016 4 mins Small and Medium Business Technology Industry Smartphones news analysis Google makes more than Samsung, Apple on flagship phone The price Google charges for its Pixel XL smartphone is closer to what it costs to make the phone than what both Samsung and Apple charge for the GS7 and iPhone 7, but Google still makes more money. Here's why. By Al Sacco Oct 25, 2016 3 mins Small and Medium Business iPhone Manufacturing Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe