Samsung is doing its part to help improve mobile security. The South Korean electronics giant recently launched a bug bounty program that’ll award up to $200,000 in exchange for qualified security reports.
The Mobile Security Rewards Program classifies vulnerabilities into four categories – low, moderate, high and critical – and awards cash payouts accordingly (a low-priority bug, for example, could earn as little as $200).
As is the case with other bounty programs, participants will need to craft a valid proof-of-concept in order to position themselves for the biggest possible payout. Apps developed and signed by Samsung must be up to date and in the event Samsung receives duplicate reports of a specific vulnerability, only the first one is eligible for a reward.
Samsung is only interested in bugs that have a security impact. If your exploit requires the physical connection of a debugging tool, phishing or clickjacking or has a very low probability of being exploited, don’t bother sending it in. You should also know that Samsung employees and family members aren’t eligible to participate.
Samsung invites users to poke around on most of its newer Galaxy S, Galaxy Note, Galaxy A, Galaxy J and Galaxy Tab series devices in search of exploits. A full list of conditions for rewards qualification can be found over on Samsung’s mobile website.