PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Google Pays Out $550,000 to Android Bug Hunters

Now, the Web giant is increasing Android award amounts for bugs filed after June 1.

Angela Moscaritolo
 & Angela Moscaritolo Managing Editor, Consumer Electronics

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Android security researchers are making some serious cash finding bugs in Google's mobile platform.

A year after expanding its bug bounty program to cover Android-powered gadgets, like the Nexus 6 and Nexus 9, Google on Thursday announced it has paid security researchers more than $550,000 for finding bugs. That money went to 82 individuals, meaning Google paid an average of $2,200 per reward and $6,700 per researcher.

Going forward, Google said it will now pay 33 percent more for "high-quality" vulnerability reports with proof of concept. For instance, a Critical vulnerability report with proof of concept will now earn you $4,000 rather than $3,000. The change affects all vulnerability reports filed after June 1.

Looking back over the past year, Google said it has received more than 250 qualifying Android vulnerability reports. This year's top performer, @heisecode, earned $75,750 for 26 reports. Fifteen researchers earned $10,000 or more.

More than a third of reports affected Android's Media Server component, which Google has hardened in Android N, making it more resistant to vulnerabilities. And while the program is focused on Nexus devices, more than a quarter of the reported issues affect code developed and used outside of the Android Open Source Project.

"Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms)," Google wrote.

Nobody managed to snag the top prize for a complete remote exploit chain leading to TrustZone or Verified Boot compromise. Now, the stakes for finding a bug like this are even higher: Google is increasing the reward from $30,000 to $50,000.

About Our Expert

Angela Moscaritolo

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes. 

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app. 

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth. 

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light. 

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio