Affiliate links on Android Authority may earn us a commission.Learn more.
Google paying hackers to help secure your Android experience
June 13, 2025
It is no secret thatGooglehas been offering huge bounties to researchers and hackers for finding bugs in theChromebrowser and other Google software. Indeed, Google hasrecently announcedthat over $4 million has been awarded in the last five years, and they are now opening things up to include the Google Play Store and more, in an effort to bring bettersecurityto the ecosystem surrounding Android.
This sort of bug hunting usually makes the news aroundBlack Hat conventionsand other ‘hacker’ get-togethers, where teams of security minded users compete for awards as much as $1 million a piece to prove significant security vulnerabilities in software. We most often hear of these competitions focusing on the web browser, with Google Chrome usually coming out unscathed.
Due to the success of these sorts of events, it is getting harder and harder for researchers to hit pay dirt for hacking, soGoogleis taking a new approach.
Google will contact researchers that have discoveredbugs in the past, instead of enticing them with awards, they will just be giving them cash. Each research case will be valued at up to $3133.70, paid in advance, with no need for a proven bug. Google’s security team just wants a second opinion on aspects of the Google Play Store and more.
Best of all, all Google built apps for Android and iOS are now included in the scope of theVulnerability Reward Program.
In the end, all of us Android users should be very happy with this move. As a small, yet significant, example, theGoogle Play Storehas its own built-in antivirus tools, checking apps in the store and blocking them if needed. Outside researchers will now help make sure that the antivirus tools themselves are free of flaws.
Google’s head of product security group, Matt Moore, will be announcing more information on this new program soon. We’re sure you’ll hear all about any flaws that may be revealed with this initiative. Hopefully, this will keep Google off of the 2015 version of ourlist of biggest hacksfor a year.
Do you think using ‘hackers’ is the right way to go here, or should security remain an in-house thing?
Thank you for being part of our community. Read ourComment Policybefore posting.
