Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

Google’s Android bug bounty program announces a $1 million prize

Add as a preferred source on Google

Google has been handing out cash rewards to Android bug hunters since 2015 in an effort to keep the mobile operating system safe and secure and running smoothly.

This week the Mountain View, California-based company announced it is increasing its top payout to a whopping $1 million, with a potential for a 50% bonus that pushes it to $1.5 million.

Recommended Videos

Suffice to say, that kind of money means Google is talking about a particular kind of hack, specifically a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Broadly speaking, it means cracking the Titan M chip on a Pixel phone without having physical access to the device. The $500,000 bonus is being offered for exploits found on specific developer preview versions Android.

Google started using the Titan M chip with its Pixel 3 smartphones that launched in 2018. The company describes it as an enterprise-grade security chip designed to secure the user’s most sensitive on-device data, as well as the device’s operating system. For example, Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — ensure you’re running the right version of Android. It also verifies your lock screen passcode and secures transactions in third-party apps.

A bounty worth a million bucks — and more — should ensure the challenge gets plenty of attention among those with the know-how. Dealing with any exploits will allow Google to further bolster the security of its Pixel devices and avoid potential trouble from more malevolent hackers further down the road.

Google payouts

Google said that since it launched the Android Security Rewards program in 2015, it has awarded over 1,800 reports and paid out more than $4 million.

Total payouts in the past year alone amounted to $1.5 million.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year),” Jessica Lin of the Android Security Team wrote in a blog post this week, adding, “On average, this means we paid out over $15,000 (20% increase from last year) per researcher.”

Google’s largest single payment to date saw a bug hunter receive just over $160,000 in 2019 for uncovering a Pixel 3 exploit.

Last year we heard how an 18-year-old whiz-kid picked up $36,000 from Google after discovering a vulnerability that could have allowed a hacker to make changes to the company’s internal computer systems.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Samsung’s new Flex Titanium tech could make foldable creases less noticeable
Foldable lock screen in Samsung One UI 8 on Galaxy Z Fold 7.

Samsung just gave us our first real look at what's coming to the next generation of Galaxy foldables, and it involves titanium. The company unveiled its new Flex Titanium display technology today, and it actually sounds like a genuine step forward and not just another buzzword.

What exactly is Flex Titanium?

Read more
Opera’s growth shows users will switch browsers when given a choice
Turns out people love having options, and Opera is reaping the rewards.
Opera browser open on iPhone

When was the last time you thought about switching your phone's browser? For a long time, most people just stuck with whatever came preinstalled, which was Safari on iPhone and Google Chrome on Android. But Opera's latest numbers suggest that changing, and the company is riding a nice wave of growth.

In a blog post, Opera shared that the combined monthly active users of its Android and iOS browsers grew 66% in the UK and 40% in the US year over year during the second quarter. That’s a big jump in two of the most competitive markets out there.

Read more
It’s hot out there, but please stop putting your warm phones in the fridge
That viral trick of putting your phone in the fridge is a bad idea
Representative Image

Every summer, social media rediscovers the same "life hack": if your phone gets too hot, stick it in the fridge for a few minutes. It sounds logical. Refrigerators are cold. Phones are hot. Problem solved. Except it isn't. Repair technicians, smartphone manufacturers, and safety experts all agree this is one of the worst things you can do to an overheating phone. While the trick might cool the exterior temporarily, it can quietly create a much bigger problem inside the device - one that could permanently damage components or shorten the life of its battery.

According to a new BBC report, the latest warning comes from a UK phone repair shop, but it's one experts have been repeating for years.

Read more