The top bug hunter in the past year received $75,750 for 26 vulnerability reports and 15 individuals received $10,000 or more. The average was $2,200 per reward and $6,700 per researcher. "High-quality" reports -- that is, those that show a proof of concept and come with a proposed patch -- will earn 50 percent more than regular bug submissions.
Finding and squashing these bugs could greatly improve Android's security, but participants are also encouraged to report problems outside the OS. Google said that more than a quarter of the issues were reported in code developed and used outside of the Android Open Source Project (AOSP). "Fixing these kernel and device driver bugs helps improve security of the broader mobile industry," the company said in a blog post.
Offering more money is a great way to get enterprising hackers and developers to report the vulnerabilities instead of exploiting them for malicious uses. Google also has similar programs for Chrome and other Google services, and has shelled out more than a million dollars in rewards. If you think you've found an Android vulnerability and want a cut of that sweet payout, you can read all the details on how to join here.