Google announced today that it will pay up to $8,000 to security researchers who find vulnerabilities in Android.
It's the latest extension of Google's various security rewards programs, which began paying security researchers who found weaknesses in Google or YouTube in 2010, and more recently expanded to Chrome.
"Open security research is a key strength of the Android platform. The more security research there is focused on Android — the stronger it will become," wrote Google engineer Jon Larimer in a post on the company's security blog announcing the program.
Mobile hacks represent a tiny percentage of the overall security breach landscape. According to the 2015 Verizon Data Breach Investigations Report, only 0.03 percent of devices on the company's network were infected with malicious code. Still, Android devices — because they are popular and run an open-source operating system — pace the field. Rewarding researchers is one way to take advantage of the open system to address security concerns.
The amount of the reward scales with the severity of the vulnerability and whether or not the researcher has also developed a fix for the problem. So the discovery of a "Moderate" bug with no fix pays $500, while the discovery of a "Critical" vulnerability with a "well-written" patch pays $8,000.