Google is going to start stumping up big money for researchers who can pinpoint bugs in the Android operating system.
The scheme of paying folks to find flaws in software before malicious parties discover them, in order to get them patched before any harm is done, is nothing new for Google – but this is the first time bounties have been offered for the company's mobile OS.
Towards the end of last year, Google upped the bounty on finding bugs in the Chrome browser to $15,000 (£9,500), but it will offer up to $40,000 (£25,000) for those who help stamp out Android's vulnerabilities. The minimum reward is $500 (£320), and the amount paid out will depend on the seriousness of the bug and on how much work the researcher provides in the way of details or a possible fix.
The Guardian reports that Google’s Adrian Ludwig, head of Android security, commented: “We see mobile becoming arguably the most important way people connect to the internet … [yet] most security research is still focused on legacy systems. We’re trying to move that, by incentivising security researchers to focus their energy on mobile.”
Google has also made the move to scan third-party Android apps for out-of-date software libraries that might introduce vulnerabilities, in order to get developers to stop using outdated code.
This measure was actually introduced in a trial form last year, but Ludwig says it is now going beyond a mere experiment, and will be fully rolled out.
All this is definitely welcome news for Android users, as it should help to make both the OS and its many apps safer and more secure. Those who discover the bugs may also find their name added to the Google Hall of Fame, a nice bonus as well as the cash, and something that certainly won’t look bad on anyone’s CV.