Skip to main content
  1. Home
  2. Mobile
  3. News

Google will give you up to $200K if you can hack the newest version of Android

By

google antitrust eu extension version 1475495165 androidn head
Image used with permission by copyright holder
Think you’ve got the hacking chops to breach a flagship Android phone? Google’s willing to pay you to prove it. On Wednesday, the Mountain View, California-based company announced Project Zero, a contest that asks enterprising hackers to demonstrate flaws in the company’s smartphone operating system in exchange for cold, hard cash.

“Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests,” Google’s Natalie Silvanovich wrote in a blog post. “The goal of this contest is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices’ phone number and email address.”

Recommended Videos

Here’s how it works: Hackers who uncover a serious security bug, exploit, or flaw in Android are encouraged to publish them on the Android issue tracker, a public forum devoted to documenting Android issues, from visual glitches to wonky Wi-Fi. Posts will have to be detailed — contest participants must share a “full description” of how the exploit works with the expectation that, if verified independently, they’ll be published on a public Google blog. They’ll have to work on Google’s branded Nexus devices, the Huawei-made Nexus 6P and LG’s Nexus 5X, plus any devices running an up-to-date build of Android 7.0 Nougat. And the more, the better — reported bugs can contribute to a larger Project Zero submission at any time during the contest’s six-month period, Google said.

Related

The prizes ain’t half bad. The winner of the contest takes home $200,000, while the runner-up will net $100,000. An undisclosed number of entries will be receive a consolatory prize of $50,000 as well. And there’s no way to lose: Google said bugs that aren’t submitted during the entry period may be considered for other contests like Android Security Rewards, as well as future, as-yet-unannounced promotions.

Project Zero’s impetus, Google said, was discovering bugs that would otherwise go unreported. Another motivation? Developing fixes quickly, and in some cases pre-emptively. “Our main motivation is to gain information about how these bugs and exploits work,” Silvanovich wrote.” There are often rumors of remote Android exploits, but it’s fairly rare to see one in action. We’re hoping this contest will improve the public body of knowledge on these types of exploits.”

More broadly, Google is hoping to dissuade unscrupulous types who otherwise might be inclined to sell exploits to the highest bidder. McAfee’s Center for Strategic and International Studies estimated that the cost of cybercrime is somewhere around $160 billion a year. And as use of mobile devices has climbed to unprecedented levels, the price of so-called zero-day bugs — exploits deriving from a previously unknown vulnerability — on internet black markets has mirrored that growth. A zero-day flaw in the latest version of iOS, for example, can sell for as much as $250,000, according to Wired, and some foreign governments have reportedly paid nearly half a million dollars for comparable bugs.

“We’re hoping to get dangerous bugs fixed so they don’t impact users,” Silvanovich said. “We’re [hoping] that this contest will give us another data point on the availability of these types of exploits.”

Project Zero began Wednesday.

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Huawei’s gorgeous Pura 70 phones just got expanded availability
Huawei Pura 70 pink, green, white, and black colors.

Huawei Pura 70 Huawei

After being announced for China in mid-April, the Huawei Pura 70 series is now confirmed for the EU market. Those in the European market can expect to preorder the Pura 70, Pura 70 Pro, and the top-tier Pura 70 Ultra starting May 2 for 999 euros, 1,199 euros, and 1,499 euros, respectively. This pricing is in line with what we saw in China, with the Ultra coming in at 9,999 yuan ($1,400) and the base Pura 70 at 5,499 yuan ($760).

Read more
The Honor Magic 6 RSR is my new favorite Android phone of 2024
Someone holding the Honor Magic 6 RSR outside.

There's no doubt that 2024 has already been an exciting year for Android phones. Samsung wowed us with the Galaxy S24 series at the beginning of the year, the OnePlus 12 and 12R are two of the best phones available right now, and Google is expected to impress later this month with the Google Pixel 8a.

But for the last few weeks, I haven't been thinking about any of those phones. Why? Because I've been using the Honor Magic 6 RSR. After launching in China this past March, the Magic 6 RSR is now available in the EU, and that's allowed more folks than ever to get their hands on the phone. And that's great, because the Honor Magic 6 RSR has quickly become my new favorite Android phone of 2024.
It has some of 2024's best smartphone hardware

Read more
5 phones you should buy instead of the Samsung Galaxy S24 Plus
A Samsung Galaxy S24 Plus laying on concrete.

Looking to upgrade your phone this year? You may be considering Samsung’s new Galaxy S24 Plus, which is the middle child of the S24 lineup. Given how solid the S24 Plus is, that's not a bad idea at all.

But is the Galaxy S24 Plus the best phone you can get? Maybe not, as there are plenty of other great choices that you can choose from as well. Here are some of the best alternatives to the Galaxy S24 Plus that you should take a look at before spending your hard-earned dollars.
Samsung Galaxy S24 Ultra

Read more