Google will pay $1.5 million for the most severe Android exploits

 In android, Biz & IT, bug bounties, exploits, google, PIXEL, titan m

Google will pay $1.5 million for the most severe Android exploits

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Google will pay $1.5 million for the most severe Android exploits

Enlarge (credit: New Line Cinema)

Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android phones, a more than seven-fold increase over the previous top Android reward, the company said.

Effective immediately, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” the company said in a post published on Thursday. The company will also pay $500,000 for exploits that exfiltrate data out of a Pixel or bypass its lock screen.

Google will offer a 50 percent bonus to any of its rewards if the exploit works on specific developer preview versions of Android. That means a critical Titan M hack on a developer preview could fetch $1.5 million, and a data exfiltration or lockcscreen bypass on a developer preview could earn $750,000, and so on. Previously, rewards for the most severe Android exploits topped out at $200,000 if they involved the trusted execution environment—an independent OS within Android for handling payments, multi-factor authentication, and other sensitive functions—and $150,000 if they involved compromise only on the Android kernel.

Read 6 remaining paragraphs | Comments

Big bump coincides with investments Google has poured into securing its Pixel phone.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt