In 2015, Google introduced the Android Security Rewards program for researchers. The following year, the team behind the program paid out half a million. It was only in the first year and so we’re guessing more have been paid out. The Android developers reported more than four million dollars have been awarded to those who have found and reported security issues. The goal has always been to keep the Android ecosystem safe. Over the past four years, more than 1,800 reports have been submitted to Google.
The people behind the program has just announced further expansion. Reward amounts are being increased with the top prize reaching $1 million. That amount is for a full chain remote code execution exploit that’s been very persistent lately. It compromises the new Titan M secure element found on Pixel devices so it must be fixed at once.
Google is also adding a 50% bonus for exploits discovered on Android developer previews. Add the bonus and top prize could reach $1.5 million. The amount may be nothing to the tech giant but for developers and researchers, it’s one attractive goal.
With all these efforts, it’s like the Android team is admitting that the platform is not that secure. Even when the Pixel 3’s Titan M is already considered with a top ratings built-in security solution. However, there may still be exploits and vulnerabilities.
Titan M is not the only focus. There are also issues with lockscreen bypass and data exfiltration. Rewards for these issues can reach up to $500,000. More details are available HERE.
The Android Security Rewards Program has been really helpful. The Android devs are grateful to all the researchers and other developers who have contributed to the success of the program that results in the improved security of the Android ecosystem.