Skip to main content

Google will give you up to $200K if you can hack the newest version of Android

google antitrust eu extension version 1475495165 androidn head
Think you’ve got the hacking chops to breach a flagship Android phone? Google’s willing to pay you to prove it. On Wednesday, the Mountain View, California-based company announced Project Zero, a contest that asks enterprising hackers to demonstrate flaws in the company’s smartphone operating system in exchange for cold, hard cash.

“Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests,” Google’s Natalie Silvanovich wrote in a blog post. “The goal of this contest is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices’ phone number and email address.”

Related Videos

Here’s how it works: Hackers who uncover a serious security bug, exploit, or flaw in Android are encouraged to publish them on the Android issue tracker, a public forum devoted to documenting Android issues, from visual glitches to wonky Wi-Fi. Posts will have to be detailed — contest participants must share a “full description” of how the exploit works with the expectation that, if verified independently, they’ll be published on a public Google blog. They’ll have to work on Google’s branded Nexus devices, the Huawei-made Nexus 6P and LG’s Nexus 5X, plus any devices running an up-to-date build of Android 7.0 Nougat. And the more, the better — reported bugs can contribute to a larger Project Zero submission at any time during the contest’s six-month period, Google said.

The prizes ain’t half bad. The winner of the contest takes home $200,000, while the runner-up will net $100,000. An undisclosed number of entries will be receive a consolatory prize of $50,000 as well. And there’s no way to lose: Google said bugs that aren’t submitted during the entry period may be considered for other contests like Android Security Rewards, as well as future, as-yet-unannounced promotions.

Project Zero’s impetus, Google said, was discovering bugs that would otherwise go unreported. Another motivation? Developing fixes quickly, and in some cases pre-emptively. “Our main motivation is to gain information about how these bugs and exploits work,” Silvanovich wrote.” There are often rumors of remote Android exploits, but it’s fairly rare to see one in action. We’re hoping this contest will improve the public body of knowledge on these types of exploits.”

More broadly, Google is hoping to dissuade unscrupulous types who otherwise might be inclined to sell exploits to the highest bidder. McAfee’s Center for Strategic and International Studies estimated that the cost of cybercrime is somewhere around $160 billion a year. And as use of mobile devices has climbed to unprecedented levels, the price of so-called zero-day bugs — exploits deriving from a previously unknown vulnerability — on internet black markets has mirrored that growth. A zero-day flaw in the latest version of iOS, for example, can sell for as much as $250,000, according to Wired, and some foreign governments have reportedly paid nearly half a million dollars for comparable bugs.

“We’re hoping to get dangerous bugs fixed so they don’t impact users,” Silvanovich said. “We’re [hoping] that this contest will give us another data point on the availability of these types of exploits.”

Project Zero began Wednesday.

Editors' Recommendations

Google just announced 9 new features for your Android phone and watch
Samsung Galaxy S23 showing Google Photos

Google has announced some big new features coming to Android and Wear OS devices during the Mobile World Congress 2023 event in Barcelona, Spain. These new features are beginning to roll out starting today, February 27, with others to come later.
New Android features available starting February 27

Google Drive users will now be able to do freehand annotation on Android phones and tablets. This means you are now able to use a stylus or your fingers to annotate PDFs directly in the Google Drive app on Android.

Read more
The Pixel 7’s best camera trick is coming to the iPhone and all Android phones
Erasing items in Magic Eraser.

The Google Pixel series of phones, specifically the Pixel 6 and Pixel 7, have an exclusive feature called Magic Eraser. With Magic Eraser, you can get rid of unwanted objects in a photo, such as people in the background or things like power lines. As of today, Magic Eraser is becoming available to all Android phones and iPhone users through Google One.

Magic Eraser debuted on the Pixel 6 lineup, which includes the Pixel 6, Pixel 6 Pro, and the more affordable Pixel 6a, which is still available to purchase (the Pixel 6 and 6 Pro have been discontinued). If you have a Pixel 7 or Pixel 7 Pro, you also have the Magic Eraser feature. One of the reasons I had always wanted a Pixel device is because of Magic Eraser, and it is something that I desperately wished Apple would implement.

Read more
When is my phone getting Android 13? Google, Samsung, OnePlus, and more
Android 13 logo on a Google Pixel 6a.

Android 13 has been available for Android phones since late 2022, and it's a pretty minor update from Google. Well, we say minor, but that's only in comparison to the positively gargantuan number of changes that were in Android 12 — and in light of Google's policy of trickling out improvements to Android apps over the course of a year as soon as they're ready. Android 13 is more of a tune-up to the engine that powers your phone than anything else. But it's still one worth getting excited for.

Tablet and foldable owners will see the most benefits, and there will be some updates to Material You to improve Android's customizability. There really isn't much else to say about Android 13. It's a very under-the-hood update, and that trend appears to be continuing with the upcoming Android 14 as well.

Read more