MANILA, Philippines – Google has paid out over $550,000 in bounties since it rolled out an Android Security Rewards program to help improve its mobile operating system.

In an Android Developers blog post last Thursday, June 16, the company said it paid out over $550,000 to 82 individuals for 250 qualifying vulnerability reports, averaging $2,200 per reward or around $6,700 per researcher.

Among these researchers, the top researcher, @heisecode, earned $75,750 for 26 vulnerability reports. The tech giant also paid 15 researchers $10,000 or more.

Google added some changes will make its way to the bug bounty program’s vulnerability reports filed after June 1.

Simply put, the rewards moving forward will be larger.

High-quality vulnerability reports with a proof of concept will get 33% more. High-quality vulnerability reports “with a proof of concept, a CTS Test, or a patch will receive an additional 50% more.”

Meanwhile, a remote or proximal kernel exploit will have its payout increased from $20,000 to $30,000, while “a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise” will now pay out $50,000, up from $30,000.

More information on the Android Security Rewards rules can be found on this page. – Rappler.com