- Google just published some new stats on its various security rewards programs.
- Part of the blog post centers on a list of Android OEMs that have devices with security updates from the past 90 days.
- The list gives you a very clear idea of which companies value security updates — and which ones don’t.
Today, Google published a blog post on its Android Developers Blog celebrating a big milestone: giving away over $3 million to “bug hunters” — people who find security flaws in Android and report them to Google for a financial reward.
Amazingly enough, the average reward is $2,600, and the average amount of money each person has made from bug hunting is $12,500. One researcher named Guang Gong earned a whopping $105,000 for one report: a remote exploit chain.
While this is all very interesting and makes us feel very safe knowing that bug hunters are out there doing their thing, what really interested us was buried at the bottom of the blog entry. There, Google gives a list of the Android OEMs with a majority of their deployed devices running a security update from the last 90 days.
The list is quite illuminating.
As one would expect, the companies which are usually very good at issuing timely security updates to Android devices are well-represented on the list. For example, every OnePlus device from the 2016 OnePlus 3 to the 2018 OnePlus 6 had security updates from the last 90 days. The list of Samsung devices is very long indeed, with even the 2016 edition of the mid-range Galaxy A5 having a recent security update.
However, some other manufacturers have very small representation on the list. Very small.
For example, HTC only has two devices on the list: the HTC U11 Plus and the HTC U12 Plus. I guess only HTC flagships from the past year can get security updates within 90 days of their release? And ZTE did even worse, with only one device (the ZTE Blade A6 Max) getting a security update in the past three months. Granted, ZTE had bigger things to worry about.
You can see the full list at the Android Developers Blog. It might be helpful to give it a look before committing to buy a phone from one of those manufacturers.