This is definitely good news for all Android App developers out there! For the first report on a specific vulnerability in Android, Google will reward the developer who reported it.  This program will be running in parallel with Google’s other program called Patch Reward program which is similar to Security Reward Program but the reward is for finding bugs in the open source projects whereas the latter reward program is for finding security bugs in Android Nexus 6 and Nexus 9 only. Unfortunately, if the bug has been disclosed to public previously or to a third party company for purposes other than fixing the bug, it will not qualify for the reward.

There are a few categories for the reward program. For security bug which is classified as critical, Google will give the base reward as high as $2000, whereas if the bug is classified as high, the base reward amount will be $1000 while for moderate bug classification, it will be $500.  On top of that, if there is standalone reproduction code or test case in addition to the bug report, Google will increase the reward up to 1.5x the base amount. However, if the bug report comes with the fix or CTS tests that detect the bug, then the reward will be 2x the base amount. If there is both the CTS test and the fix, Google will reward up to 4x the base amount.

This program is definitely an interesting program for all the app developers out there.  This could also be the starting that can lead to a safer Android environment.