Google pays people to find and close the flaws in its systems. This is pretty common throughout the tech industry, largely because it motivates people from different backgrounds and with contrasting ways of thinking to take a look, something you can't get from internal employees. With Google products getting into the hands of billions of people and serving mission-critical roles, it's crucial that services and information are safe.
Over the past five years, Google says it has paid over 1.5 million dollars to people who discovered vulnerabilities in Chrome and other products through its Security Rewards program. Now it will expand this program to cover Android.
This means security researchers can make money discovering and fixing vulnerabilities found in Nexus devices available for sale in the Play Store. But that's not all: Google will offer even larger rewards to people who perform tests and provide patches that improve the entire Android ecosystem. The largest rewards will go to those who are able to get around Android's security features, such as ASLR, NX, and app sandboxing.
Google will also continue to pay for contributions to Android made through its Patch Rewards program, as well as sponsor Mobile Pwn2Own and other competitions aimed at strengthening Android. And considering the sheer number of flaws we already know are out there, this all looks like a good way for someone to make a buck helping Google, and the rest of us, out.
- Google Online Security blog