You are here

Have you found a bug in Android OS? Report it to Google, to get paid up to $200,000

Submitted by Asif Nowaj, Last Modified on 2019-11-08

Android Security Rewards Program of Google has now changed. Reward for finding a bug in the Android operating system has now increased up to $200,000.

The day after the news released of an Android malware Judy, Google has announced the new recognition of contributions. This is an initiative from Google to make Android more secure.

The reward includes monetary reward as well as public recognition for the weaknesses revealed to the Android Security Team. The amount of the reward is based on the bug severity and completeness of the report which includes reproduction code, test cases etc.

As public recognition, you can find the names of all the people and parties who helped to improve the Android security till now here.

This program covers in the latest Android versions for Pixel phones and tablets as follows.

  • Pixel and Pixel XL
  • Pixel C

Only the first report of a given issue that Google is unaware of is eligible for reward. In the event of a duplicate submission, the earliest filed bug report in the bug tracker is considered the first report.
Reward Amount based on the severity of the bugs.

Severity Complete Report* + PoC Payment range (if report includes an exploit leading to Kernel compromise)** Payment range (if report includes an exploit leading to TEE compromise)**
Critical Required Up to $150,000 Up to $200,000
High Required Up to $75,000 Up to $100,000
Moderate Required Up to $20,000 Up to $35,000
Low Required Up to $330 Up to $330

* Bug reports that are incomplete or do not include a proof of concept will receive up to $200 depending on severity.
** Subject to the discretion of the rewards committee
For details please see

Discussion or Comment

If you have anything in mind to share, please bring it in the discussion forum here.