Android security researchers are making some serious cash finding bugs in Google's mobile platform.

A year after expanding its bug bounty program to cover Android-powered gadgets, like the Nexus 6 and Nexus 9, Google on Thursday announced it has paid security researchers more than $550,000 for finding bugs. That money went to 82 individuals, meaning Google paid an average of $2,200 per reward and $6,700 per researcher.

Going forward, Google said it will now pay 33 percent more for "high-quality" vulnerability reports with proof of concept. For instance, a Critical vulnerability report with proof of concept will now earn you $4,000 rather than $3,000. The change affects all vulnerability reports filed after June 1.

Looking back over the past year, Google said it has received more than 250 qualifying Android vulnerability reports. This year's top performer, @heisecode, earned $75,750 for 26 reports. Fifteen researchers earned $10,000 or more.

More than a third of reports affected Android's Media Server component, which Google has hardened in Android N, making it more resistant to vulnerabilities. And while the program is focused on Nexus devices, more than a quarter of the reported issues affect code developed and used outside of the Android Open Source Project.

Related 4 Notable Security Upgrades Coming to Android N

"Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms)," Google wrote.

Nobody managed to snag the top prize for a complete remote exploit chain leading to TrustZone or Verified Boot compromise. Now, the stakes for finding a bug like this are even higher: Google is increasing the reward from $30,000 to $50,000.

Further Reading