Google Android Bug Hunting Program Paying $1.5 Million

Bug Bounty
Bug Bounty
  • Google Android Paying $1.5 Million To Find Security Bugs

  • Hack To Earn!

The new Android Security rewards program increase up-to $1.5 million to help Google to make it more secure.

Including following program covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets.

  • Pixel 4 device
  • Pixel 3a and Pixel 3a XL devices
  • Pixel 3 and Pixel 3 XL devices

Android Security Rewards covers bugs in code that runs on eligible devices and isn’t already covered by other reward programs at Google. Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules.

Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS.

Code execution reward amounts as follow

  • Pixel Titan M Up to $1,000,000
  • Secure Element Up to $250,000
  • Trusted Execution Environment Up to $250,000
  • Kernel Up to $250,000
  • Privileged Process Up to $100,000

Data exfiltration reward amounts

  • High value data secured by Pixel Titan M Up to $500,000
  • High value data secured by a Secure Element Up tp $250,000

Lockscreen bypass reward amount

  • Lockscreen bypass up to $100,000

Qualifying exploit chains

Google is rewarding extra for a full exploit chain (typically multiple vulnerabilities chained together) that demonstrates arbitrary code execution, data exfiltration, or a lockscreen bypass. The actual reward amount is at the discretion of the rewards committee and depends on a number of factors, including (but not limited to):

  • Whether there is a detailed writeup describing how the exploit works.
  • The initial attack vector (ie. remote exploitation versus local).
  • Whether the exploit is device- or build-specific, or whether it works across a broad set of builds and devices.
  • The amount of user interaction required for the exploit to work.
  • Whether the user could feasibly detect that an exploit is in progress or has completed.

How reliable the exploit is?

Exploits chains found on specific developer preview versions of Android are eligible for up to an additional 50 percent reward bonus.

Google Android Security Rewards program was announced in 2015. The Company claims that, they have paid out over 4 Million dollars to security researchers who reported the vulnerabilities.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Bug in Google News App- Data Amount Spends in GB Without Users Knowledge

Google News App users have been experienced with Excessive Gigabytes Background Data...
Read More

Leave a Reply