Skip to main content

Google’s Android bug bounty program announces a $1 million prize

Google has been handing out cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and running smoothly.

This week the Mountain View, California-based company announced it is increasing its top payout to a whopping $1 million, with a potential for a 50% bonus that pushes it to $1.5 million.

Recommended Videos

Suffice to say, that kind of money means Google is talking about a particular kind of hack, specifically a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Broadly speaking, it means cracking the Titan M chip on a Pixel phone without having physical access to the device. The $500,000 bonus is being offered for exploits found on specific developer preview versions Android.

Google started using the Titan M chip with its Pixel 3 smartphones that launched in 2018. The company describes it as an enterprise-grade security chip designed to secure the user’s most sensitive on-device data, as well as the device’s operating system. For example, Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — ensure you’re running the right version of Android. It also verifies your lock screen passcode and secures transactions in third-party apps.

A bounty worth a million bucks — and more — should ensure the challenge gets plenty of attention among those with the know-how. Dealing with any exploits will allow Google to further bolster the security of its Pixel devices and avoid potential trouble from more malevolent hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded over 1,800 reports and paid out more than $4 million.

Total payouts in the past year alone amounted to $1.5 million.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year),” Jessica Lin of the Android Security Team wrote in a blog post this week, adding, “On average, this means we paid out over $15,000 (20% increase from last year) per researcher.”

Google’s largest single payment to date saw a bug hunter receive just over $160,000 in 2019 for uncovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid picked up $36,000 from Google after discovering a vulnerability that could have allowed a hacker to make changes to the company’s internal computer systems.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Google just announced 8 big Android updates. Here’s what’s new
A photo of many Android figurines on a white wall.

At Moblie World Congress (MWC ) 2024, Google is bringing a healthy bunch of new features to Android. In line with the AI push all across the industry, some notable AI-driven enhancements are on the table. There are also a handful of core Android features that sound practically amazing.
The first in line is Gemini. The generative AI chatbot recently got a standalone app for Android, and now it’s headed for the Google Messages app. Users can chat with Gemini directly in the messaging app and use its generative capabilities for a host of things, like drafting replies, refining a message, and more.

Another feature that was showcased a while ago is finally ready for prime time. Android Auto is gaining support for message summarization for standalone texts and group chats, and it can also suggest replies. With a single tap, users will also be able to drop a message, start a call, and share an estimated arrival time. The idea is to deploy AI for crucial tasks so that it can minimize distractions while driving.
Lookout, an accessibility-centric feature for users with vision challenges, is also getting meaningful AI love. On Android phones, Lookout will now read AI-generated captions and descriptions for media content. For now, the AI boost to Lookout and Messages is limited to the English language.

Read more
Google just announced Android 15. Here’s everything that’s new
The Android 15 logo on a smartphone.

Android fans, it's time to start your hype engines. Google just released the first developer preview for Android 15 — kicking off the release of the next big Android update.

This is just the first step in a months-long process of Android 15's rollout, which will see numerous developer previews and betas before the final release later this year. So, what's new, when is Android 15 officially releasing, and should you download it? Here's everything you need to know.
What's new in Android 15

Read more
Google just announced five big updates for the Pixel 8 and 8 Pro
A render of the Google Pixel 8 and Pixel 8 Pro in a Mint color.

While the Android world is currently buzzing around the Samsung Galaxy S24 and OnePlus 12, Google has just announced a few big updates to the Pixel 8 series.

The first update is a new Mint color. It's available for the Google Pixel 8 and Pixel 8 Pro, and if you ask me, it looks fantastic. It's a calming mint shade that's not too intense but also not so muted that it's boring to look at. I think it's a strong contender for one of the best Pixel colors we've seen in a while.

Read more