Google Announces up to $1.5 Million Reward For Reporting Android Exploits

Android Security Rewards website
Image Courtesy: Google

As part of its plans to make Android more secure from would-be hackers, Google is upping its rewards for security researchers who can break into its software services and hardware products. The company on Thursday published a blog post detailing the new, enhanced rewards that could potentially fetch cyber-security researchers and white-hat hackers up to $1.5 million for hacking into its Pixel smartphones.

According to Jessica Lin from the Android Security Team, the biggest reward would be a $1 million payout for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. “Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million”, she said.

In addition to exploits involving Pixel Titan M, Google also added other categories of exploits to the rewards program, such as those involving data exfiltration and lockscreen bypass. These rewards go up to $500,000 depending on the exploit category. The new rewards took effect from yesterday, November 21st, so any reports that were submitted before that date will be rewarded based on the previous arrangement.

The exciting new rewards are part of Google’s Android Security Rewards (ASR) program that was originally announced in 2015 to reward researchers who find and report security issues to help keep the Android ecosystem safe. The company claims to have paid out over four million dollars for more than 1,800 reported vulnerabilities in the past four years, with the total payout in the last 12 months said to have been $1.5 million.

Featured Image Courtesy: Google

comment Comments 0
Leave a Reply