Google’s Android Bug Bounty program announces a prize of $ 1 million

Advertisement

Google has been awarding cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and to run smoothly.

This week, the Mountain-based, California-based company announced it is raising its top payout to as much as $ 1 million, with a potential for a 50% bonus that will push it up to $ 1.5 million.

Advertisement

Suffice it to say that this type of money means that Google is talking about a certain type of hack, in particular "full execution of external code execution with persistence that jeopardizes the secure element of Titan M on Pixel devices." Broadly speaking, it means the Titan cracking M-chip on a Pixel phone without physical access to the device. The $ 500,000 bonus is offered for exploits found in specific Android versions of the developer preview.

Google started using the Titan M chip with its Pixel 3 smartphones that were launched in 2018. The company describes it as an enterprise-grade security chip designed to protect the most sensitive data on the device and the operating system of the device. For example, Titan M helps the boot loader – the program that validates and loads Android when the phone is switched on – to ensure that you are using the correct version of Android. It also verifies your lock screen access code and secures transactions in third-party apps.

A premium worth a million dollars – and more – should ensure that the challenge receives a lot of attention from those with the know-how. By handling any exploits, Google can further strengthen the security of its Pixel devices and prevent potential problems of malicious hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded more than 1,800 reports and has paid out more than $ 4 million.

The total payouts in the past year alone amounted to $ 1.5 million.

"More than 100 participating researchers have received an average reward amount of more than $ 3,800 per finding (an increase of 46% compared to last year)," Jessica Lin from the Android Security Team wrote in a blog post this week, adding : "On average, this means we paid more than $ 15,000 (a 20% increase over last year) per researcher."

So far, Google & # 39; s largest single payment to date has received a bug hunter just over $ 160,000 for discovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid raised $ 36,000 from Google after discovering a vulnerability that could have allowed a hacker to change the company's internal computer systems.

Advertisement

Comments are closed.