Google’s Android bug bounty program announces a $1 million prize

Google has been handing out cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and running smoothly.

This week the Mountain View, California-based company announced it is increasing its top payout to a whopping $1 million, with a potential for a 50% bonus that pushes it to $1.5 million.

Suffice it to say, that kind of money means Google is talking about a particular kind of hack, specifically a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Broadly speaking, it means cracking the Titan M chip on a Pixel phone without having physical access to the device. The $500,000 bonus is being offered for exploits found on specific developer preview versions of Android.

Google started using the Titan M chip with its Pixel 3 smartphones that launched in 2018. The company describes it as an enterprise-grade security chip designed to secure the user’s most sensitive on-device data, as well as the device’s operating system. For example, Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — ensure you’re running the right version of Android. It also verifies your lock screen passcode and secures transactions in third-party apps.

A bounty worth a million bucks — and more — should ensure the challenge gets plenty of attention among those with the know-how. Dealing with any exploits will allow Google to further bolster the security of its Pixel devices and avoid potential trouble from more malevolent hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded over 1,800 reports and paid out more than $4 million.

Total payouts in the past year alone amounted to $1.5 million.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year),” Jessica Lin of the Android Security Team wrote in a blog post this week, adding, “On average, this means we paid out over $15,000 (20% increase from last year) per researcher.”

Google’s largest single payment to date saw a bug hunter receive just over $160,000 in 2019 for uncovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid picked up $36,000 from Google after discovering a vulnerability that could have allowed a hacker to make changes to the company’s internal computer systems.

Trevor Mogg
Contributing Editor