Android bug bounty

Google has recently expanded its Android bug bounty program (created in 2015), with awards of up to $1.5 million.

A bug bounty is a program in which you hunt for software bugs (i.e., exploits and vulnerabilities) in a computer program or system. If you find any, you report them so they can be fixed.

Some of the more serious issues are data exfiltration, lockscreen bypass, remote takeover, etc.

Google is challenging people to hack its Titan M security chip in the Pixel 3 smartphones (which were released in 2018).

Google, via its Android Security Rewards program, has already paid out over $4 million to 1,800 people who have identified various vulnerabilities on the platform.

The top prize of $1.5 million is for a full-chain remote code execution exploit with persistence that takes over the Titan M chip, says the Android Security Team.

Google has sold more than 2.5 billion Android devices.

Google’s parent company Alphabet Inc. makes close to $150 billion per year in revenue ($28 billion alone comes from Google search ad revenue).

Get cracking.

Android Security Rewards Program Rules

https://www.google.com/about/appsecurity/android-rewards/

List of Android Security Acknowledgements (i.e., people who have successfully found and fixed bugs)

https://source.android.com/security/overview/acknowledgements

Android Security Center

https://www.android.com/security-center/

Google Websites Vulnerability Rewards Program (VRP)

https://www.google.com/about/appsecurity/reward-program/

Google’s Official Security Blog

https://security.googleblog.com/

Threatpost (great IT security blog)

https://threatpost.com/
