Google’s Android bug bounty program announces a $1 million prize

Google has been handing out cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and running smoothly.

This week the Mountain View, California-based company announced it is increasing its top payout to a whopping $1 million, with a potential for a 50% bonus that pushes it to $1.5 million.

Suffice it to say, that kind of money means Google is talking about a particular kind of hack, specifically a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Broadly speaking, it means cracking the Titan M chip on a Pixel phone without having physical access to the device. The $500,000 bonus is being offered for exploits found on specific developer preview versions of Android.

Google started using the Titan M chip with its Pixel 3 smartphones that launched in 2018. The company describes it as an enterprise-grade security chip designed to secure the user’s most sensitive on-device data, as well as the device’s operating system. For example, Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — ensure you’re running the right version of Android. It also verifies your lock screen passcode and secures transactions in third-party apps.

A bounty worth a million bucks — and more — should ensure the challenge gets plenty of attention among those with the know-how. Dealing with any exploits will allow Google to further bolster the security of its Pixel devices and avoid potential trouble from more malevolent hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded over 1,800 reports and paid out more than $4 million.

Total payouts in the past year alone amounted to $1.5 million.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year),” Jessica Lin of the Android Security Team wrote in a blog post this week, adding, “On average, this means we paid out over $15,000 (20% increase from last year) per researcher.”

Google’s largest single payment to date saw a bug hunter receive just over $160,000 in 2019 for uncovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid picked up $36,000 from Google after discovering a vulnerability that could have allowed a hacker to make changes to the company’s internal computer systems.

Trevor Mogg
Contributing Editor