Now, you can bag $1.5 million bug bounty from GoogleLast updated on Nov 22, 2019, 07:22 pm
For years, Google has been running a bug bounty program to learn about dangerous vulnerabilities in Android.
The effort has not only helped the internet giant keep the Android ecosystem safe but also given security researchers a way to make quick money.
Now, in another move in this direction, it is increasing the top reward under the program to $1.5 million.
$1 million for finding bugs in Pixel phones
While a bug bounty running in millions sounds tempting, Google isn't offering this for any random issue.
The company says it'll offer $1 million to researchers demonstrating/reporting a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices."
This means Google wants you to show a way to hack the dedicated security chip built into Pixels.
Added bonus for flagging issues in specific Android versions
In addition to the fixed $1 million, Google is also offering an additional 50% bonus for flagging bugs in "specific developer preview versions" of Android.
So, technically, if you manage to demonstrate a way to break into a Pixel - without having physical access to the device - running a specific version Android, you would be entitled to a prize up to $1.5 million.
Titan M chip comes on Pixel 3, Pixel 4 family
Google had debuted Titan M chip with the Pixel 3 family and is offering the same with the Pixel 4 line-up too.
The hardware has been designed for added smartphone security by double-checking boot conditions, verifying firmware signatures, handling lock screen passcodes and keeping malicious apps from making changes on the device.
It was rated as the strongest security tool by Gartner.
Google's bug bounty program has grown a lot
Since its launch in 2015, Google's bug bounty program has come a long way.
In fact, in the early days, the top reward for finding and reporting a bug was just $38,000.
Now, with the latest changes, the number has crossed a million mark, which, to note, is also the bounty amount Google has paid out over the last 12 months.