In a bid to ensure that the Android system is highly secure and reliable, Google has an Android Security Rewards (ASR) program. This program aims to reward participants that find significant vulnerabilities in the Android system. Now, the company is expanding the award program and the current maximum reward is $1.5 million. According to Google, the four-year-old program will now be better and more exciting.
Google said the participants’ reports must disclose a full-chain remote code execution vulnerability. These vulnerabilities also have to be persistent and affect the Titan M security components available on Pixel smartphones. Such a discovery will receive a $1 million reward. In addition, if the error is active in a particular Android Developer Preview, the researcher will receive a 50% bonus. This means that the total reward is $1.5 million.
Currently, the biggest code execution rewards are as follows:
- Pixel Titan M – $1 million
- Secure Element – $250,000
- Trusted Execution Environment – $250,000
- Kernel – $250,000
- Privileged Process – $100,000
On the other hand, if participants also encounter high-value data protected by Pixel Titan M, they can receive up to $500,000 in rewards. According to Google, its Android bounty program is progressing. This is because the company does not fail to pay. So far, it has paid more than $1.5 million in the past 12 months and the highest prize this year was $161,337. The full Android Security Rewards program rules are available here.