Indian cybersecurity researcher Aman Pandey tops Google’s Android bug bounty program
In a blog post, Google revealed that Aman Pandey, an Indian cybersecurity researcher and founder and CEO of Bugsmirror, was one of the top researchers in the tech giant’s Vulnerability Reward Program (VRP) last year. Pandey discovered and submitted 232 vulnerabilities in Android last year. He has been reporting flaws since 2019 and has so far submitted more than 280 valid vulnerabilities to the Android program, according to the blog post.
Most tech companies, such as Apple, Google, Microsoft, and others, pay researchers for any “bugs” or software flaws those researchers can find in their products. The rewards are commonly referred to as “bug bounties”.
“I have been working in security research for almost four years now. And the relentless passion and hard work of the Bugsmirror team towards security research has helped us to design and locally develop applications integrated with algorithms. These helped us locate vulnerabilities with unparalleled speed and accuracy. Programs like this (Google’s) have helped not only search companies like ours, but also users in general to understand the importance of search for privacy and security,” Pandey told indianexpress.com.
According to Google, it paid out $8.7 million under its Vulnerability Reward Program (VRP) in 2021. For Android alone, that number stood at $3 million ($2,935,244 or approximately Rs 22 crore) in rewards. This was almost double the figure from the previous year. A total of 119 researchers from around the world were rewarded for discovering critical flaws in Android.
The program also awarded the highest payout in its history this year: $157,000 for an exploit chain discovered in Android. Google also offered a $1.5 million bounty for finding compromises in its Titan-M security chip, which the company uses in its Pixel mobile devices. The prize remains unclaimed so far.
The blog post also makes a special mention of Yu-Cheng Lin, a Chinese Android security researcher, who submitted a total of 128 valid reports in 2021.
Google’s bug bounty program for its Chrome browser saw a total of $3,288,000 (around Rs 24.6 crore) given away to 115 researchers. Of the total amount, $3.1 million was awarded for Chrome Browser vulnerabilities and $250,000 for Chrome OS vulnerabilities.
Chrome OS VRP researcher Rory McNamara won $45,000, the highest single prize awarded in the program, for reporting a root escalation bug. Such flaws can allow an attacker to gain illicit access to elevated rights and privileges on a device, also known as root access.
The Google Play VRP paid out $550,000 in rewards to 60 security researchers. The Google Cloud Platform VRP winners for 2021 have not been announced.