Google Bug Bounty Program Expands To Android With $38,000 Max Payout
That limits the program to the Nexus 6 and Nexus 9, at least for now -- Google says the set of devices that qualify for monetary rewards will change over time. For now, it's just those two, and it's also worth mentioning that vulnerabilities that only affect other Google devices like the Nexus Player, Android Wear, and Project Tango are not eligible.
Disclaimer aside, there's some big money that can be made. Google's pay scale goes up to $8,000 for bugs that include a patch and CTS test, plus a potential bonus payment of up to $30,000 if the security flaw allows an attacker to go through a remote or proximal attack vector. That's a grand total of up to $38,000 per bug.
Google's ultimate goal is to improve the security of Android, currently the most popular mobile OS in the world. The challenge Google faces is fragmentation. Only the Nexus 6 and Nexus 9 devices are included in the bug bounty program at the moment because Google needs to figure out how to quickly assess whether a bug on a device like the HTC One or Galaxy S6 is the fault of Android or the result of carrier and manufacturer customizations.