Google already has a bug bounty program, and it is now expanding the Android bug bounty program with new data exfiltration and lock screen bypass categories.
Google’s Titan M security
At a basic level, Google’s Titan M is a security-focused chip that sits alongside the main processor.
It checks the boot conditions when Android starts up, ensuring that it hasn’t been tampered with at a low level.
If you find vulnerabilities targeting the Titan M chip, you can get a reward of $1 million.
Previously paid records
Over the previous 12 months, Google paid over $1.5 million USD in bug bounty rewards, and it has paid over $4 million USD for 1,800 reports since the launch in 2015.
Highest Paid reward
The highest reward went to Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd, for a “remote code execution exploit chain on the Pixel 3 device”.
For this, Gong was awarded $161,337 from the Android Security Rewards program and an additional $40,000 from Chrome Rewards, for a total of $201,337.
Google is expanding its project
At present, Google is expanding its rewards by offering $1 million for a “full chain remote code execution exploit with persistence” that compromises the Titan M secure chip on Pixel devices.
Along with that, Google is also offering an additional 50% bounty for vulnerabilities in the developer previews of Android.
With that bonus, the total reward goes up to $1.5 million USD.
“Today, we’re expanding the program and increasing reward amounts.”
“We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million.”
In addition to the reward bonus
Along with the above reward types, researchers can also earn rewards in the new categories.
The first category is data exfiltration vulnerabilities, in which an attacker can access data on a device and steal it by transferring it to a location the attacker controls.
The second category covers lock screen bypasses, which can be used to access a locked device without the user’s passcode.