Google announced the Android Security Rewards program this week at the Black Hat Mobile Summit in London. Google controls over-the-air updates only for apps written by Google for its Nexus phones and tablets running the latest version of Android, Lollipop. The top-end reward for a critical Android bug approaches $40,000; that would involve a single exploit or a chain of attacks that compromise the Android TrustZone or Verified Boot from an installed app can be worth an additional $30,000.
Source: https://threatpost.com/of-non-nexus-devices-and-the-android-security-rewards-program/113375/