Google’s Android Security Rewards program, which began in 2015, has paid millions of dollars to security researchers who discover vulnerabilities in its mobile operating system,media outlet Neowin reported. Now, the company is expanding the rewards available to researchers, most notably a new one that could be worth as much as $1.5 million.
Of course, this incentive is for particularly challenging exploits. Google said it would pay researchers $1 million to execute “persistent, full-chain remote code execution vulnerabilities that would break Titan M security components on Pixel devices.” The Titan M chip was first introduced on the Pixel 3 and, according to data from Gartner, is thought to have higher security than any other tested device. If you execute this vulnerability on Android’s “Specific Developer Preview,” the bounty can increase by 50 percent, which will bring the total reward to $1.5 million.
Google said it had paid out about $1.5m in incentives in the past 12 months, including several. During that time, the highest prize was $161,337, and the average bonus for the more than 100 researchers who participated in the study was $3,800 per discovery.
In addition to this very high level of reward, Google has introduced other new levels that offer higher rewards than ever before. These vulnerabilities include exploits involving data breaches and lock screen bypasses, with rewards of up to $500,000.