Google's Android bug bounty program will now pay out $1.5 million
Hacking the Pixel's Titan M chip and finding exploits in the developer preview versions of Android will earn you the big bucks.
- I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Google's Android bug bounty reward has been upped to $1.5 million.
Google has announced an Android bug bounty reward of $1.5 million if you manage to hack its Titan M chip on Pixel devices and also find exploits in the developer preview versions of Android. Until now, the highest payout on Google's Bug Bounty Program was just over $200,000, Google said when announcing the new reward on Thursday.
Google's total payouts over the last 12 months have been around $1.5 million, with an average reward of $3,800 per finding. In 2019, the highest reward was $161,337. Google has been paying out some people who report security holes in the Chrome browser since 2010, upping its Chrome bug bounty to $30,000 in July this year.
The increase in the reward follows private companies increasing payouts for Android bugs to $2.5 million, as reported by CNET sister site ZDNet. This marked the first time iOS exploits were worth less than Android bugs on the private market.
Casey Ellis, founder and CTO of Bugcrowd, said Google's bounty has risen because "the skills needed to find these types of vulnerabilities in Google devices are rare and often tied up in the offensive market."
"By upping the incentive to hackers, Google is making bug hunting for them more attractive, especially to those that might teeter the line between whitehat and blackhat," he added in an emailed statement.
Originally published Nov. 21, 1:08 p.m. PT.
Update, 2:01 p.m.: Adds comment from Bugcrowd.
