Thu. Dec 12th, 2019

Google expands Android Security Rewards program with a maximum prize of $1.5 million


Google recently announced that it is expanding the Android Security Rewards (ASR) program, launched in 2015, by adding new rewards. The maximum payout is now $1.5 million.

Google said that to earn the top reward, a report must disclose a full-chain remote code execution vulnerability that is persistent and affects the Titan M security components available on Pixel smartphones. Such a discovery will receive a $1 million reward, and if the vulnerability is found in a particular Android Developer Preview, the researcher will receive a 50% bonus, bringing the total reward to $1.5 million.


The maximum reward for each type of exploit is listed below:

Code execution reward amounts

| Description | Maximum Reward |
|---|---|
| Pixel Titan M | Up to $1,000,000 |
| Secure Element | Up to $250,000 |
| Trusted Execution Environment | Up to $250,000 |
| Kernel | Up to $250,000 |
| Privileged Process | Up to $100,000 |

Google said its Android bounty program is progressing well: the company has paid more than $1.5 million in the past 12 months, and the highest prize this year was $161,337.