Google offer bug bounty of $40,000
Not only that, they've announced a new programme which hopes to ensure the security of third-party software on Android, which will poke developers until they stop using programming libraries which are known to be out-of-date in their apps.
Google’s Adrian Ludwig, the lead of Android security says: "We see mobile becoming arguably the most important way people connect to the internet. We’re seeing it providing two-factor authentication, as well, and the root of trust in the way that users interact." But at the moment, "most security research is still focused on legacy systems. We’re trying to move that, by incentivising security researchers to focus their energy on mobile."
This new scheme is called Android Security Rewards, and is very similar to something Google did with their web browser, which saw over a million dollars being paid out.
"As part of the scanning of apps, we don’t just look for intentionally bad behaviour anymore: we’re also looking for mistakes," Ludwig continued. "A really obvious example of what we’re looking out for: including a version of OpenSSL that’s an old version. Starting about a year ago, we began scanning apps, and notifying developers if they have made that sort of mistake."
"Our goal is to get to the point where there’s a common baseline. We want to put structures in place to help developers update their apps, so the quality of all apps rises."
So, if this sounds like your bag, you need to find bugs that affect the new Nexus 6 and Nexus 9 devices - $500 for a minor bug, upward to more complicated stuff.