Home Hacking News Google Expands Their Android Bug Bounty Program To Award Up To $1.5 Million

Google Expands Their Android Bug Bounty Program To Award Up To $1.5 Million

by Abeerah Hashim
An undocumented Google OAuth endpoint triggers Cookie regeneration exploit for session hijacking

Google has recently made a lucrative announcement for bug bounty hunters. Reportedly, Google expanded their bug bounty program for Android as well as increasing payouts. The new program will now offer up to $1.5 million as a reward for reporting issues in its Titan M chips.

Google Expands Android Bug Bounty To Include Titan M

As revealed recently, Google expands its bug bounty program for Android. In a recent blog post, Google has explained its decision to increase the maximum payouts to $1.5 million for reporting specific bugs.

The tech giant has already achieved the ‘strongest’ Gartner ratings in 2019 for its Pixel 3 running on Titan M chips. Now, to make these ‘strong’ products even stronger, Google has decided to increase bug bounty payouts.

As stated in the post by Jessica Lin, Android Security Team,

We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.

Moreover, they also offer a 50% bonus for certain exploits totaling the bounty reward to $1.5 million.

Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android.

More Category Updates

Other than the Titan M bug bounties, Google has also announced other reward updates in the exploit categories.

As elaborated in the Android Security Rewards Program Rules the maximum payout for code execution bugs reaches up to $1 million and for data exfiltration involving Pixel Titan M, the bug bounty reward now increases up to $500,000.

Similarly, lock screen bypass bugs may reward the researchers with up to $100,000.

The new rewards already came into effect from November 21, 2019. So, any bugs reported after this date will be eligible for the increased payouts.

In September, Google also announced expansion in its bug bounty program for Play Store apps.

Let us know your thoughts in the comments.

You may also like