Google Increases Security With Upgraded Android Security Rewards

News in brief:

• Google expands its Android bug bounty program.
• The biggest bug bounty in this new program will be rewarded a staggering $1.5 million.
• There are additional rewards of $500,000 relating to data infiltration and lock screen bypass.
• The changes will go live on 21 November’19.

Android Security Rewards is a program organized by Google to encourage researchers to probe its existing security architecture. 

And recently, Google has added rewards again worth $1 million for those who can figure out a way to compromise its Titan M element (a security chip) used in the Pixel 3 devices, allowing them to have a strong rating for built-in security among the prevailing crop of flagship devices. This Titan M chip can also be found in the Pixel 4 lineup.

Google said in the announcement that researchers that can prove “a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices” will be rewarded the above-mentioned amount.

Through this bounty program of Google for Android, the company has given away over $4 million in the time span of 4 years since it was introduced. The bounty consisted of over 1,800 individual reports. 

What is more, Google has added more to this reward amount – 50%, if the exploit can be replicated on specific developer preview versions of the OS. This simply means that the largest reward in this bounty program can amount to up to $1.5 million. 

To break down this reward – data exfiltration and lock screen bypass will be rewarded up to $500,000 per report, which will be paid out in tiers depending on the nature of the exploit. You can also check Google’s Android Rewards for more information on this topic.

Google’s overall payouts for the last 12 months for this bounty program have been about $1.5 million, with an average of $3,800 per exploit and finding by Android app developers and other researchers.

One thing to address here is that the changes in the bounty program have been applied on November 21, 2019, and all the bounties submitted and reported after this date will be revised under the new rules and vice versa. This can be concerning news for people who have submitted their reports before this date for they will be reward amounts as per the previous program scale.