Google now paying open source developers to make security improvements to Android
This week Google has announced that it is extending this new Patch Reward Program to cover other open source projects including Android! The Patch Reward Program is intended to be more than just an open source bug hunt: it is a way to provide real financial incentives for coders who submit patches that proactively improve the security of a project. In other words, fixing a known security vulnerability doesn’t qualify, but if a developer adds code to improve security, for example by adding privilege separation or by enabling Address Space Layout Randomization (ASLR), then they qualify.
The way it works is this: patches need to be submitted to the maintainers of the open source project, like AOSP, and then Google needs to be notified about the patch and what it does. If Google reckons the patch has a positive impact on security, then the developer will get a reward ranging from $500 to $3,133.7.
By including Android in this scheme, Google is yet again proving that it takes Android security seriously. Android 4.3 included several security enhancements, as did Android 4.4. And since Google moved the Verify Apps feature, which scans any apps that are being installed and blocks the harmful ones, from the OS into Google Play Services, every Android user from Android 2.3 onwards can rest assured that malicious apps can’t be easily installed on their device, regardless of the installation source.
Other projects now eligible for the Patch Reward Program are Apache httpd, Sendmail, Postfix, Exim, Dovecot, OpenVPN, GCC, binutils, and LLVM.