Google announced a new bug bounty reward program that pays you $1.5 million for reporting full chain remote code execution exploit on Android developer preview versions and $1 Million for Titan M secure element on Pixel devices.
Android bug bounty program was created back to 2015 since then Google awarded over 1,800 reports and paid around 4 million dollars to security researchers all around the world.
Pixel 3 with Titan M rated as a strong security mechanism in the built-in security section compared to all other devices. This is one of the main reasons Google announced this high reward program.
Apart from the full chain RCE, Rewards goes up to $500,000 for the exploits involving Pixel Titan M related to a new category data exfiltration and lock screen bypass.
According to a Google report ” Now that we’ve covered some of what’s new, let’s take a look back at some milestones from this year. Here are some highlights from 2019: “
- Total payouts in the last 12 months have been over $1.5 million.
- Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year).
- On average, this means we paid out over $15,000 (20% increase from last year) per researcher!
- The top reward paid out in 2019 was $161,337.
Google Top Payout
Reporter: Guang Gong (@oldfresher)
From : Alpha Lab Qihoo 360 Technology Co. Ltd
Bug Type: 1-click remote code execution exploit chain
Device: Pixel 3
Reward : $161,337 (Android) + $40,000 (Chrome)
Total: $201,337 combined
Starting today November 21, 2019, the new rewards take effect. Any reports that were submitted before November 21, 2019, will be rewarded based on the previously existing rewards table. Google Said.
You can also read the Android security rewards program rules Here.