Google recently announced that the Android Security Rewards (ASR) program launched in 2015 will be expanded by adding rewards, with a current maximum of $1.5 million.
Google said the participants’ reports must disclose a full-chain remote code execution vulnerability that is persistent and affects the Titan M security components available on Pixel smartphones. Such a discovery will receive a $1 million reward, but if the error is found in a particular Android Developer Preview, the researcher will receive a 50% bonus, which means the total reward is $1.5 million.
Maximum exploit rewards for each type of exploit are listed below:
Code execution reward amounts
|Pixel Titan M||Up to $1,000,000|
|Secure Element||Up to $250,000|
|Trusted Execution Environment||Up to $250,000|
|Kernel||Up to $250,000|
|Privileged Process||Up to $100,000|
Google said its Android bounty program is progressing well because the company has paid more than $1.5 million in the past 12 months and the highest prize this year was $161,337.