Google created Android Security Rewards to reward people for finding security vulnerabilities in Android. And the reward was cash, which is the best kind of reward. To date, Google has paid out over $550,000!
There were 82 individuals who were paid, 15 of which got over $10,000. Many of the vulnerabilities were related to the Media Server, which was a significant problem before its vulnerabilities were patched. And surprisingly, no one has claimed the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.
Since the program has been a success for Google and those finding security vulnerabilities, Google is making the deal even better. High quality vulnerability reports with proof of concept get a 33% pay bump, and ones with a patch get an additional 50% bump. There are other rewards that have been increased as well.
The great thing about security exploits is that there is no shortage of them. As the software evolves, old ones are patched and new ones come up. So if you know what you’re doing, start participating and get paid for it!