Apple’s Bug Bounty Program has been in and out of the news, mostly because of complaints from security researchers. However, a recent study shows that the iPhone maker can afford to pay five times more than rival smartphone brand, Samsung, for vulnerabilities discovered by researchers.
A recent Atlas VPN study shows that Samsung’s bug bounty program pays security researchers between $200 and $200,000 for discovered vulnerabilities. Based on information available to the public, the study discovered that Huawei also pays a similar amount, ranging between $200 and $224,000. However, these rewards are dwarfed by Apple’s program, where payouts for eligible developers range between $100,000 to $1 million.
Payouts from other Android smartphone makers such as Xiaomi and BBK Electronics companies (OnePlus and Oppo) are also relatively low. Xiaomi pays between $800 and $13,000, while BBK Electronics’ payouts can go up to $7,000. Based on the severity of the vulnerability, LG pays up to $4,200 to some researchers.
However, the higher payouts haven’t attracted developers as much as Apple would have liked. The company has been the subject of complaints from researchers. They allege that Apple pays less than it promises and sometimes doesn’t pay at all, even if zero-day vulnerabilities were discovered. The complaints began streaming in 2017 and didn’t cease when the company hired a new lead for its bug bounty program in 2021.
Notably, a report from September last year showed that Apple’s “insular culture” has created blind spots in the security program because ethical hackers and researchers are inclined to share vulnerabilities with the community instead of with Apple. Industry experts reasoned that the company’s bad reputation in researchers’ circles could translate into potentially insecure products for customers.
[Via Atlas VPN]