Google now paying open source developers to make security improvements to Android

November 20, 2013

    Google has long rewarded those who find security-related bugs in its Chrome web browser; in fact, it has been known to give out as much as $60,000 per bug to security researchers who were able to demonstrate an exploit in Chrome during a Google-organized competition. Last month Google extended its reward scheme to include patches submitted to open source projects that improved the security of that project. The initial list of supported projects included OpenSSH, BIND and OpenSSL.

    This week Google announced that it is extending this new Patch Reward Program to cover other open source projects, including Android! The Patch Reward Program is intended to be more than just an open source bug hunt; it is a way to provide real financial incentives for coders who submit patches that proactively improve the security of a project. In other words, fixing a known security vulnerability doesn’t qualify, but if a developer adds code to improve security, for example by adding privilege separation or by enabling Address Space Layout Randomization (ASLR), then they qualify.

    The way it works is this: patches need to be submitted to the maintainers of the open source project, like AOSP, and then Google needs to be notified about the patch and what it does. If Google reckons the patch has a positive impact on security, then the developer will get a reward ranging from $500 to $3,133.7.

    By including Android in this scheme, Google is yet again proving that it takes Android security seriously. Android 4.3 included several security enhancements, as did Android 4.4. And since Google moved the Verify Apps feature, which scans any apps that are being installed and blocks the harmful ones, from the OS into Google Play Services, every Android user from Android 2.3 onwards can rest assured that malicious apps can’t be easily installed on their device, regardless of the installation source.

    Other projects now eligible for the Patch Reward Program are Apache httpd, Sendmail, Postfix, Exim, Dovecot, OpenVPN, GCC, binutils, and LLVM.

    Comments

    • Shark Bait

      Google are really taking note of what people are saying.
      People used to say the UI lagged so Project Butter came along.
      People used to say that fragmentation was such a big deal so they made Play Services.
      People are currently pissed about security so they are making big steps to improve it.

      Well done Google, this is the kind of attitude you need to stay on top!

      • anywherehome

        but has stopped integrating visible innovations (no IR blaster, miracast, multi-window – Samsung is the real innovator in the Android ecosystem), even a step back = removed Permissions manager in 4.4 so I had to uninstall dangerous apps including Facebook

        Google probably doesn’t want us to protect ourselves in much higher level with a permission manager

        • Shark Bait

          I wouldn’t say stopped, they are more about iterative design and constant improvement at the moment, which is still a good thing.
          I can’t understand why an IR blaster is left off the Nexus, especially since KitKat supports it, and I would indeed like to see multi window too. However, Samsung’s implementation seems poor, I’d like to see something like Windows RT has on my tablet. Android seems perfect for multi window with the way it renders apps. It’s something Apple would find very hard to replicate. I am disappointed with every release that doesn’t bring this.

          • anywherehome

            I agree, basically what I wrote, but still slow implementation of obvious features
            = Miracast, multi-window, full handsfree tablet – phone, poor desktop management

            Nexus is really boring…the same wrong strategy like Apple iCons’ losing net profit and market-share

            Samsung’s innovations bring more and more money for Samsung…..Google owes Samsung more and more for at least 60% of android users

            • Shark Bait

              Don’t you think Nexus is exciting for other reasons? Cheap, unlocked and carrier-less is pretty revolutionary I think.
              I’d also say Samsung is a success because of its marketing more than anything else. I’m not saying they haven’t done good things, but they market them better than everyone else, which is why they sell so much.

            • anywherehome

              I didn’t buy SGS4 because of marketing, but because of IR blaster, Miracast I use quite a lot = Hangout on my TV is great! But needs to be faster and more comfortable, but still very useful.

              and that’s another thing = Google’s Android marketing sucks so Nexuses are not a huge success

              but I was wrong, Google has improved the Permission manager!!! great! Now I feel much safer :)

            • Shark Bait

              So what made you choose it over the HTC one?
              And in the UK a lot of people know and have the Nexus 7, it’s very popular here. The phones however aren’t, I don’t think they’re supposed to have the same mass market appeal, otherwise that would be competing with themselves with Motorola

            • anywherehome

              replaceable battery = great for traveling….with HTC One I would be stuck somewhere

              I still don’t understand that idiotic non-replaceable battery strategy

            • Shark Bait

              I see, it’s a trade off for superior build quality though. It wouldn’t be such an issue if there was a massive battery in there, it’s about time someone made that happen

            • anywherehome

              plastic is
              1) lighter
              2) more durable
              3) easily replaceable battery and cover
              4) superior build quality over other solutions

              other solutions are just good looking solutions without any real purpose, without brain for iToys

            • Shark Bait

              Well, you’re comparing all plastics to aluminium, that’s bold! (and stupid). A well engineered aluminium alloy will be lighter and more durable. Also how do you think it has superior build quality? I think you are the first person I’ve heard say that!

            • anywherehome

              yes, it can be….but don’t be stupid, you don’t see these exceptions therefore it is not true what you are saying ;)

            • Shark Bait

              You say the build quality isn’t better? Have you held one? They just feel better and more solid than a plastic one. It’s natural that something that is solid and has no joins in it will feel better than something with lots of components in it, that all have the potential to move

            • anywherehome

              “feel better and more solid” just feel, but we are not talking about feelings
              plastic is simply best in every reasonable aspect except for “feelings” of iUtdated iPeople :)

            • Shark Bait

              Well it does. Why is plastic better? Why do you think the build quality and feel is better?

            • anywherehome

              should I write it again? Ok, copy paste

              1) lighter
              2) more durable
              3) easily replaceable battery and cover
              4) superior build quality over other solutions


              + 5) cheaper

            • Shark Bait

              Yeah, I get 1, 2 + 3 but dispute 4. I’d like to know how you think it has superior build quality?

              I agree with the rest:
              1) lighter – yes
              2) more durable – depends
              3) easily replaceable battery and cover – yes and important
              5) cheaper – yes and important

            • anywherehome

              so mostly you agree, thx, that’s all folks….da dy da dy da dy ja da :)

    • MasterMuffin

      I love how the max price is so precise :D Also “ASOP”?

      • raazman

        3133.7 > ELEET > Elite

        • MasterMuffin

          >_< wow I'm blind :D

          • raazman

            Haha, I guess Google thought $3000 was not amusing enough.

    • Groud Frank

      The beauty of open source systems. The community, not a handful of elitists, can make a contribution, a meaningful one, for the good of the system and the people that use it. Some people think open source is Android’s weakness but it is actually its most powerful weapon against malware and competition from other platforms. Need more proof? Take a look at the 80% market share Android has.
