CATEGORIES
home News

Google's Android Bug Bounty Balloons To $1.5 Million Max Payout

by Brandon HillThursday, November 21, 2019, 12:51 PM EDT
android couple
Google's Android bug bounty program has come a long way since its humble roots back in mid-2015. At the time, the search and software giant offered a maximum payout of $38,000 for specific exploits that compromised the world's most popular operating system. Today, Google has announced that its maximum payout now weighs in at up to a staggering $1.5 million if certain exploit conditions are met.

Google previously offered payouts that maxed out at $200,000, but the new "baseline" top prize is $1 million. The $1.5 million maximum payout is achieved with a $500,000 bonus that will likely be incredibly tough to pull off.

The purpose of the bug bounty is to help beef up the security of both its first-party Pixel hardware and the Android operating system as a whole. Android in particular has been a common target for hackers -- we recently covered an exploit that leverages the Google Camera app -- so it should come as no surprise that Google wasn't to make sure that its hardware and software is as secure as possible.

google pixel 4 xl front

As of today, the Android bug bounty covers the following devices:

  • Pixel 4 and Pixel 4 XL
  • Pixel 3a and Pixel 3a XL
  • Pixel 3 and Pixel 3 XL
  • Pixel 2 and Pixel 2 XL

However, the new $1.5 million top prize is reserved for Pixel 3/Pixel 3 XL and newer devices as they feature Google's Titan M security chip. Titan M is responsible for securing the bootloader, on-device encryption, lock screen protection, and generating (and storing) private keys for apps.

As Google explains, the "Top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices." If that exploit chain is then combined with exploits in "specific developer preview versions of Android", a 50 percent bonus is enacted, which brings the total to the aforementioned $1.5 million.

According to Google, it has paid over $1.5 million to researchers over the past year for discovering exploits via its bug bounty program. The highest payout to-date weighs in at $201,337 and it was awarded to a member of the Alpha Lab division of Qihoo 360 Technology.

Tags:  Android, Google, (nasdaq:goog), bug bounty
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment