Google expands Android Security Rewards program with a maximum prize of $1.5 million
Google recently announced that the Android Security Rewards (ASR) program launched in 2015 will be expanded by adding rewards, with a current maximum of $1.5 million.
Google said the participants’ reports must disclose a full-chain remote code execution vulnerability that is persistent and affects the Titan M security components available on Pixel smartphones. Such a discovery will receive a $1 million reward, but if the error is found in a particular Android Developer Preview, the researcher will receive a 50% bonus, which means the total reward is $1.5 million.
Maximum exploit rewards for each type of exploit are listed below:
Code execution reward amounts
| Description | Maximum Reward |
|---|---|
| Pixel Titan M | Up to $1,000,000 |
| Secure Element | Up to $250,000 |
| Trusted Execution Environment | Up to $250,000 |
| Kernel | Up to $250,000 |
| Privileged Process | Up to $100,000 |
Google said its Android bounty program is progressing well because the company has paid more than $1.5 million in the past 12 months and the highest prize this year was $161,337.
