Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
An expansion of Google's Android Security Rewards (ASR) program includes a new top prize of $1 million, a massive increase from the previous top prize of $200,000, Google reported today. Researchers could earn even more for exploits found in Android developer preview versions.
The ASR program launched in 2015 to reward researchers who find and report vulnerabilities in the Android ecosystem. Over four years, it has awarded more than $4 million for 1,800 reports. Payouts exceeded $1.5 million in the past year alone; the top reward in 2019 was $161,337.
Now, the program is expanding and increasing the earning potential for white-hat hackers. Google is promising a top prize of $1 million for a "full chain remote code execution exploit with persistence, which compromises the Titan M secure element on Pixel devices," Jessica Lin of the Android Security Team explains in a blog post. Titan M stores credentials on Pixel phones.
While the $1 million prize is for the Titan exploit alone, Google is adding more categories of exploits to its awards program, including those involving data exfiltration and lock-screen bypass. Depending on the exploit category, a researcher could earn up to $500,000.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "What's in a WAF?"
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024