Skip to main content

Google’s Android bug bounty program announces a $1 million prize

Google has been handing out cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and running smoothly.

This week the Mountain View, California-based company announced it is increasing its top payout to a whopping $1 million, with a potential for a 50% bonus that pushes it to $1.5 million.

Suffice to say, that kind of money means Google is talking about a particular kind of hack, specifically a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Broadly speaking, it means cracking the Titan M chip on a Pixel phone without having physical access to the device. The $500,000 bonus is being offered for exploits found on specific developer preview versions Android.

Google started using the Titan M chip with its Pixel 3 smartphones that launched in 2018. The company describes it as an enterprise-grade security chip designed to secure the user’s most sensitive on-device data, as well as the device’s operating system. For example, Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — ensure you’re running the right version of Android. It also verifies your lock screen passcode and secures transactions in third-party apps.

A bounty worth a million bucks — and more — should ensure the challenge gets plenty of attention among those with the know-how. Dealing with any exploits will allow Google to further bolster the security of its Pixel devices and avoid potential trouble from more malevolent hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded over 1,800 reports and paid out more than $4 million.

Total payouts in the past year alone amounted to $1.5 million.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year),” Jessica Lin of the Android Security Team wrote in a blog post this week, adding, “On average, this means we paid out over $15,000 (20% increase from last year) per researcher.”

Google’s largest single payment to date saw a bug hunter receive just over $160,000 in 2019 for uncovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid picked up $36,000 from Google after discovering a vulnerability that could have allowed a hacker to make changes to the company’s internal computer systems.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Does the Google Pixel Watch have fall detection? Not yet, but it’s coming soon
Lifestyle image of a woman wearing a Google Pixel Watch.

Looking for a great Android smartwatch? The Google Pixel Watch is Google's response to the Apple Watch and the Samsung Galaxy Watch. With this new kid on the block, Google has inaugurated its own multi-device hardware-software ecosystem with many of the same critical health and safety features.

The Pixel Watch offers Google's software suite, which users can access via LTE or smartphone connection, and incorporates health resources from Fitbit's fitness line. The new watch, which runs Wear OS 3.5, is designed for optimal integration with the Google Pixel 7 and Google Pixel 7 Pro smartphones, which debuted alongside it.

Read more
Is the Google Pixel Watch waterproof? Read this before getting it wet
Someone using a Google Pixel Watch for measure activities.

There's a new smartwatch on the scene, and it comes to you courtesy of Google, the company that brings you the flagship Pixel 7 and Pixel 7 Pro smartphones. Designed as a direct competitor to the Apple Watch and Samsung Galaxy Watch, the Google Pixel Watch, a new member of the Pixel family, includes numerous health and safety features running on the Wear OS 3.2 platform.

The round-faced Google Pixel is constructed from recycled stainless steel and Corning Gorilla Glass. Its traditional design is reminiscent of classic watches and includes a tactile crown. The device is designed to record information about your health via heart rate tracking, sleep tracking, and assorted workout modes, while an ECG app lets you assess your heart rhythm for AFib. It employs Fitbit’s activity tracking to record stats and monitor your progress.
The Google Pixel Watch's water resistance rating

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more