Skip to main content

Apple pays 5x more than Samsung per exposed vulnerability, but bug bounty program still has flaws

Avatar for Staff Writer  | Jun 15 2022 - 7:50 am PT
0 Comments
new iOS security bugs

A study shows that Apple can pay up to 5x more than Samsung per exposed vulnerability on its bug bounty program. That said, the Cupertino company still faces complaints from researchers, with some saying Apple didn’t give them credit for the zero-day flaw reported.

The study conducted by Atlas VPN shows that Apple pays from $100K to $1 million to researchers who find exploits in their service, while Samsung’s bug bounty program rewards researchers between $200 and $200K for qualified exploits.

Huawei, on the other hand, offers payouts from $200 to $224K for found vulnerabilities in their devices.

Atlas VPN says the data is based on publicly available information on how much the most significant phone and other electronics manufacturing companies pay for found vulnerabilities in their devices.

Site default logo image

Although Apple pays better than Samsung or these other companies shown above, its bug bounty program is not controversy-proof. In 2017, researchers complained about low payouts on discoveries. In 2021, Apple hired a new leader to reform its bug bounty program since security researchers felt “fed up” with it.

At the time The Washington Post included a notable story from Tian Zhang, an iOS software engineer, who claimed to have submitted multiple bugs to Apple and never received a payment:

Tian Zhang, an iOS software engineer, first reported a bug to Apple in 2017. After months of waiting for Apple to fix the bug, Zhang lost patience and decided to blog about his discovery. The second time he reported a security flaw, he says Apple fixed it but ignored him. In July, Zhang submitted another bug to Apple that he says was eligible for a reward. The software was quickly fixed, but Zhang didn’t receive a reward. Instead, he was kicked out of the Apple Developer Program. Membership in the program is required to be able to submit apps to the App Store. Apple did not comment on Zhang’s allegations.

A few days after this report, 9to5Mac also published another story about another researcher that shared their experience claiming that Apple didn’t give them credit for one zero-day flaw they reported which was fixed, and that there were three more zero-day vulnerabilities in iOS 15 at the time.

Have you ever submitted a bug or vulnerability to Apple, and if so, did the company reply back? Share your thoughts in the comment section below.

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

AAPL Company

AAPL Company

Breaking news from Cupertino. We’ll give you t…
Security

Security

Author

Avatar for Staff Writer Staff Writer