Despite its generosity, Apple is still facing complaints from bug hunters. Some of them claim that the tech giant does not pay for the vulnerabilities they find.
A study conducted by Atlas VPN showed that Apple pays bug hunters from $100,000 to $1 million for the exploits they find. Samsung pays several times less, from $200 to $200,000.
Although Apple's payouts for vulnerabilities are significantly higher than those of its competitors, the tech giant's bug bounty program has its drawbacks. For example, in 2017, bug hunters complained about low payments for the bugs they detected.
In 2021, Apple hired a new manager to reform the bug bounty program, as bug hunters had grown tired of it. At the same time, The Washington Post published the sensational story of iOS software engineer Tian Zhang, who found many bugs in Apple systems but never received a single reward.
The programmer first reported a bug in Apple systems in 2017. After several months of waiting for a fix, Zhang lost patience and wrote about his discovery in a blog post. According to Zhang, when he reported the bug for the second time, Apple fixed it but ignored him. In July, the programmer informed Apple about another bug, one that was eligible for a reward. The company fixed the software, but did not pay Zhang anything and excluded him from the Apple developer program. The company has not commented on Zhang's accusations.