Google has offered to pay an amount of US$40,000 or £25,600 as a reward to the developers who are able to identify vulnerabilities in the Android operating system. The company wants to encourage the developers through the ‘Android Security Rewards’ to find the bugs in the Android devices thereby allowing Google to fix them.
Google had launched a similar program for Google Chrome and paid over US$1.5 million in 2014 to the security researchers who could successfully identify the vulnerabilities in Google Chrome. Google has also urged the developers not to make use of programming libraries that are outdated while developing applications since they could lead to security threats.
Currently, most of the security research is focused towards legacy systems despite the advancements in the mobile computing. According to the lead of Android security at Google Adrian Ludwig, mobile is fast becoming the most important device used by people to access the internet and is fast surpassing computers for accessing the internet. According to Ludwig, mobile devices allow users to have a two factor authentication that enhances the security. Therefore, there is a need for security researchers to have a better focus on the security aspects of the mobile devices and the reward from Google to pay US$40,000 is a step in that direction.
Google has stated that the developers need to identify the vulnerabilities in Android on Nexus 6 and Nexus 9 devices. This is because the vulnerabilities on other Android devices may not be identified properly and could be from the add-one from the manufacturers rather than Android operating system.
Ludwig further stated that the objective of the rewards program is to identify the software libraries which can cause a security threat and was launched a year ago as an experiment. Now it is being moved ahead of the experimental phase and as a full-fledged rewards program.