Google introduced its bug bounty programme for Android back in 2015 wherein the winner was rewarded with prize money of $38,000
As the concerns over cybersecurity intensify, tech companies are looking for contributions from the hacker fraternity to mitigate potential loopholes in software for better user experience. Google has revised its bug bounty programme to offer as high as $1.5 million (roughly Rs 10.8 crore) as a reward to security researchers for discovering high-level vulnerabilities on the Pixel 4 smartphones.
In a blog post, Google said it will reward security researchers who can find full exploit chain in Pixel 4 devices with prize money of up to $1 million. The vulnerability that needs to be the top priority while looking for bugs, has to “demonstrate arbitrary code execution, data exfiltration, or a lock screen bypass.” These bugs necessarily have to be those in AOSP code, OEM code, kernel, Secure Element Code, and the TrustZone OS.
The prize money of $1 million will be rewarded when a security researcher manages to break into Titan M chip and explore vulnerabilities impacting the security. Titan M is a chipset that scans the device for potential malware or spyware threat on Pixel devices.
Google said it will provide a payout of $500,000 if the researcher discovers exploit chains on “specific developer preview versions of Android”. This brings the total reward money up to $1.5 million. There are different categories for reward amounts depending on the severity of the discovered vulnerability.
The blog post also mentions certain eligibility criteria for vulnerabilities to qualify under the Android Security Rewards Program Rules, Google’s bug bounty programme.
Google introduced its bug bounty programme for Android back in 2015 wherein the winner was rewarded with prize money of $38,000. Google said it had paid close to $4 million to hackers over time for reporting around 1,800 bugs in Android products.
“Through this program, we provide monetary rewards and public recognition for vulnerabilities disclosed to the Android Security Team,” said Google in the blog post announcing new prize money for bug bounty hunters.