Google Increases Maximum Android Bug Bounties to $200,000

Android has a reputation for poor security, but that’s a result of past failings. Most security flaws you hear
about now affect old builds of the OS, or require clever social engineering to get the user to weaken device security.
The versions of Android being released now are vastly more secure than what Google was putting out years ago.
In fact, no one has managed to claim Google’s largest bug bounties for Android. So, the company is increasing the rewards to as much as $200,000.

Google started the bug bounty program for Android about two years ago. It works just like other bug bounties the
company has used for other products. Security researchers who can demonstrate an exploit get a cash prize,
the amount of which varies based on the severity of the hack. Then, Google gets to fix the bug and avoid future security issues.
Still, no one has submitted a working exploit for Android’s core components, even when such an exploit is worth $30,000-$50,000.
So, by increasing the reward, Google hopes it will attract more researchers and engineers to the bug bounty program.

The increased reward applies to two bounties: one for vulnerabilities in TrustZone or Verified Boot, and the other for a remote kernel exploit.
Android is based on the Linux kernel, which has given the platform great flexibility over the years. However, the Linux kernel also comes with baggage.
It has been the cause of several significant security breaches known as remote kernel exploits. An example of this would be the TowelRoot exploit,
which users could run to gain root on a device. Of course, hackers could also use remote kernel exploits like that to infiltrate devices and steal data.
The bounty for a new remote kernel exploit has gone up to $150,000 from $30,000.
