Google has announced the Android Security Rewards programme at a hacker event in London which will see Android bugs included in the range of vulnerabilities that can lead to cash bounties for those who find them.
Typical rewards top out at $8,000, but Google might pay up to $30,000 in certain circumstances.
"We're launching Android Security Rewards to help reward the contributions of security researchers who invest their time and effort in helping us make Android more secure," said the firm.
"Through this programme we provide monetary rewards and public recognition for vulnerabilities disclosed to the Android Security Team.
"The reward level is based on the bug severity and increases for higher quality reports that include reproduction code, test cases and patches."
The reward programme is currently limited to the Nexus 6 and Nexus 9, but Google may extend the range of devices at a later date.
"Android Security Rewards covers bugs in code that run on eligible devices and aren't already covered by other reward programmes at Google," the company said.
"At this time, vulnerabilities that only affect other Google devices (such as Nexus Player, Android Wear or Project Tango) are not eligible for Android Security Rewards."
The low end of the threat spectrum will pay out rewards starting at $333, a similar amount to that offered by Dropbox, while a serious compromise could earn as much as $30,000.
Google said that the rewards will vary, and that it will also make the payments to a charity if asked to do so. Participants are advised to test vulnerabilities only on their own devices.
"The final amount is always chosen at the discretion of the reward panel. We understand that some of you are not interested in money. We offer the option to donate your reward to an established charity," the firm said.
"If you do so, we will double your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing."
Bug bounties have been on the agenda recently. Mozilla recently doubled the amount of cash it pays out to vulnerability reporters.
Windows 10 Chinese Government Edition completed by Microsoft
And even when IoT projects do get completed, one-third aren't considered a success
So, the Frontier Edition launches at the end of June, the Radeon RX Vega in July - and the Ryzen 3 straight after?
From accidentally selling sensitive data on eBay, to forgetting that security solutions needs to be 'on' to work, we've got the full rundown of the worst security gaffes ever