Google has recently expanded its Android bug bounty program (which they created in 2015) with awards up to $1.5 million dollars.
Bug bounty is where you hunt for software bugs (ie: exploits and vulnerabilities) in the computer program or system. If you find any, you report them so they can be fixed.
Some of the more serious issues are data exfiltration, lockscreen bypass, remote takeover, etc.
Google is challenging people to hack their Titan M security chip in the Pixel 3 smartphones (which were released in 2018).
Google, via its Android Security Rewards program, has already paid out over $4 million dollars to 1,800 people who have identified various vulnerabilities on the platform.
The top prize of $1.5 million is for a full chain remote code execution exploit with persistence which takes over the Titan M chip, says the Android Security Team.
Google has sold more than 2.5 billion Android devices.
Google’s parent company Alphabet Inc. makes close to about $150 billion dollars per year in revenue ($28 billion alone comes from Google search ad revenue).
Android Security Rewards Program Rules
List of Android Security Acknowledgements (ie: people who have successfully found and fixed bugs)
Android Security Center
Google Websites Vulnerability Rewards Program (VRP)
Google’s Official Security Blog
Threatpost (great IT security blog)