Bounties: A Look at the Wild West of Android Development


Bounties are a popular way for users to put their money where their mouth is when asking developers to tackle some problem. Usually, bounties are aimed towards acquiring root access, but some bounties have been set up to get T-Mobile WiFi calling to work on the Nexus 4 while others have been set up to port Android Wear to Samsung Gear smartwatches.

As long as there is enough community interest in achieving some device-specific goal, you can expect to see people banding together to pledge their money in hopes of attracting developers to reach the bounty’s goal. If you’ve ever participated in a bounty on XDA, then you’re probably aware that the entire effort is completely handled by volunteers. Users are free to create bounty threads for whatever goal they want to achieve, but many potential issues arise, from how the bounty is organized to how the payment is distributed, that leave a gray area too murky to handle. Considering how many logistical hurdles and scam possibilities there are when setting up a bounty, it’s incredible that so many have been successful.

Wanted: Root Exploit

It’s up to the users to decide whether or not they want to invest in a bounty prize pool. The financial incentive users create can help drive developers to invest their time and effort into reaching the goal, and gives users a direct way to contribute to developer efforts rather than merely begging. Looking at the outcomes of many high-profile bounties makes it easy to assume that supporting the use of bounties is a no-brainer.

Table of Successful Bounties with Pledges Over $1,000

But when you take a look at the full data (at least, for all the bounties I could find on XDA), things get a bit more complicated. For starters, you’ll notice that many bounties have been left unclaimed and that most fulfilled bounties are for popular flagship devices. Neither of these observations should be surprising, though, given that most development efforts are already disproportionately seen on the most popular devices anyway. The most striking thing about the data is the fact that there is so much missing data! Proper logistics is the single biggest hurdle that any community-led bounty effort must overcome; without it, many potential issues can arise.

Lawless Territory

Just about every player in the bounty process can introduce a headache for any bounty efforts. I’ll start by describing the most common issues stemming from the regular users.

First of all, a pledge does not in any way guarantee that the user will actually pay the developer once the bounty has been claimed. Some users can back out of paying the developer for whatever reason. Now, there are, understandably, some legitimate reasons one might need to pull out of the bounty fund, but if many users do so, the effects on the prize pool can be dramatic. For example, less than half of the bounty pledged for root access on the LG G4 was actually paid out to the developer. Some might say that developers were never guaranteed payment for their work, and they’re right; however, developers are less likely to take the effort seriously if the users themselves aren’t going to. If you’re not putting your money where your mouth is, why should the developers listen to your request?

Another issue with pledges is that we have no way of determining whether or not a pledge was ever sincere. In many of the high-profile bounty threads, you’ll see pledges that are hundreds of dollars! It makes you wonder why someone would pledge to shell out so much money when their device is barely worth more than the actual pledge. High pledges do not necessarily mean the user isn’t sincere, however, which can cause a whole heap of issues when users start a flame-war in the XDA thread accusing others of inflating the bounty. Speaking of inflating the bounty, many users in bounty threads bring up a potential issue with developers.

Suppose a developer has discovered an exploit that meets the terms set forth by the bounty. Should they claim it immediately? Why not keep it secret to build up the prize pool? Although there is no evidence that this has yet occurred, the possibility should not be tossed aside. As unethical as it might seem, this move does carry with it some risk, since another developer can beat them to the punch and claim the bounty first. Even if a developer holds back on claiming the bounty, as mentioned earlier there’s no guarantee they’ll receive all that’s promised, or that the promised amount is even accurate! Which brings me to my next point: who maintains the bounty?

Bounty threads are an absolute nightmare to keep up with (so kudos to certain community members who have kindly provided templates that we can use). You’ll be searching through posts, PMs, e-mails, or whatever other method you chose to update the bounty list, but sometimes the effort is just too much work to handle for a single person. How do you properly maintain a bounty list while also ensuring every user is a legitimate member of the community that is actually willing to pledge their money?

Let’s say you’re able to keep up with it all. How do you then ensure the developer gets paid? Do you delegate the funds to a single person to distribute? Who can you trust to handle those funds? Even if you do manage to find a trustworthy person willing to manage the bounty funds, you’ll still have to deal with every other problem mentioned earlier. Plus, you may even run into some scammers attempting to claim the bounty for someone else’s work.

Nearly every flagship is sold in international markets, to people in many different countries around the world. Not every developer who uses your favorite flagship phone browses XDA, so some developers working out of China or India might not even be aware of a bounty’s existence. A scammer might try to claim the bounty in these cases by pretending to be the person who found the exploit, and the average user will be none the wiser. It’s up to the community to do its due diligence and ensure that the right person claims credit for their work.

Wild West of Development

To conclude, past experience offers good evidence that bounties are effective in achieving the goals of an XDA device community. However, the many logistical hurdles that can arise, from getting users to cough up the pledges they promised to ensuring that the bounty falls into the right hands, make bounties difficult to maintain. The community must come together to ensure that the bounty runs smoothly for all involved parties. Thus, we recognize their importance in the community and the developments of various phones.

Have you contributed to a bounty before? Were you satisfied with the results? Let us know in the comments below!