Google paid out over $2m to security researchers last year for reporting flaws in Google products, of which $200,000 went on bugs in Android in just five months.
Google says it has laid out more than $6m in rewards to researchers since launching its bug bounty program in 2010, which helps the search giant secure Chrome, online services such as Google.com and YouTube, and Android.
Last June, the company introduced a vulnerability rewards program for Android bugs that affect its Nexus devices. Its arrival was timely, coming just one month before the first Stagefright bugs were discovered, which have since prompted Google, Samsung and LG to commit to regular monthly security updates for flagship Android handsets.
However, the company has revealed that in six months it paid out more than $200,000, meaning it accounted for roughly 10 percent of the $2m Google awarded in total last year. In 2014 Google paid $1.5m to researchers.
The largest single payment to a researcher under the Android program so far is $37,500.