
Google’s 2020 VRP Payments About Double 2018 Figures
Google reported that the company paid out $6.7 million USD in bug bounty regards in 2020. The money was spread out over four program areas – Android, Chrome, Google Play, and Abuse.
Google’s bug bounty rewards, officially known as Vulnerability Reward Programs (VRPs) are structured so white-hay hackers can help Google secure their products while making some money.
READ 20 Online Courses for a Successful Career in Cyber Security
The 2020 figure is a three percent increase over the 2019 bug bounty payments totaling $6.5 million USD. However, this year’s VRP payments were almost double the 2018 bug bounty total.
“Within this dynamic environment, we are particularly interested in research that protects users’ privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale,” says the post from Google.

The bug bounty rewards were paid out to 662 paid cyber security researchers in 62 countries. The largest award was $132,500 USD.
In 2018, Google expanded its VRP program to include product abuse risks. These bug awards are for reports on techniques that allow malicious third parties to successfully bypass Google’s abuse, fraud, and spam systems. It could also include something that may cause damage to the platform or technology.
Google Bug Bounty Highlights
- Android VRP paid out $1.74M in rewards
- Chrome VRP researchers earned $2.1M for 300 bugs
- Google Play Security Rewards Program and Developer Data Protection Reward Program awarded more than $270,000
These bug bounty payouts are amazing and dedicated people can definitely earn some good money. But not all of Google’s Bug Hunters are individuals who stumbled upon a vulnerability.
For example, one Bug Hunter standout, Guang Gong (@oldfresher) works with a team at 360 Alpha Lab, Qihoo 360 Technology Co. Ltd. They have been reward the most with eight reports.
Interested in getting started as a white-hat hacker? Check out these online courses for a successful career in security research.
Follow Google’s bug bounty program on Twitter at @GoogleVRP for the latest updates and programs.