Google's Android bug bounty program will now pay out $1.5 million

Hacking the Pixel's Titan M chip and finding exploits in the developer preview versions of Android will earn you the big bucks.

Corinne Reichert Senior Writer
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News, mobile, broadband, 5G, home tech, streaming services, entertainment, AI, policy, business, politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert

Google's Android bug bounty reward has been upped to $1.5 million.

Angela Lang/CNET

Google has announced an Android bug bounty reward of $1.5 million if you manage to hack its Titan M chip on Pixel devices and also find exploits in the developer preview versions of Android. Until now, the highest payout on Google's Bug Bounty Program was just over $200,000, Google said when announcing the new reward on Thursday.

Google's total payouts over the last 12 months have been around $1.5 million, with an average reward of $3,800 per finding. In 2019, the highest reward was $161,337. Google has been paying out some people who report security holes in the Chrome browser since 2010,  upping its Chrome bug bounty to $30,000 in July this year.

Watch this: Always wait before buying a Pixel phone

The increase in the reward follows private companies increasing payouts for Android bugs to $2.5 million, as reported by CNET sister site ZDNet. This marked the first time iOS exploits were worth less than Android bugs on the private market.

Casey Ellis, founder and CTO of Bugcrowd, said Google's bounty has risen because "the skills needed to find these types of vulnerabilities in Google devices are rare and often tied up in the offensive market."

"By upping the incentive to hackers, Google is making bug hunting for them more attractive, especially to those that might teeter the line between whitehat and blackhat," he added in an emailed statement.

Originally published Nov. 21, 1:08 p.m. PT.
Update, 2:01 p.m.: Adds comment from Bugcrowd.

20 phones that still have headphone jacks that you can buy right now

See all photos