Win $1.5 million hacking an Android phone

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Win $1.5 million hacking an Android phone

Google says that the bug bounty program it runs to reward researchers who find security vulnerabilities in its software and services is working well.

In what it described as “another record-breaking year”, Google dished out over $6.5 million to bug-hunters through its various Vulnerability Reward Programs.

Google vuln reward chart

Sign up to our free newsletter.
Security news, advice, and tips.

If you like the idea of taking a large chunk of change out of Google’s coffers, and helping to improve security for millions of internet users at the same time, then you could do a lot worse than check out how the company has increased its reward payouts.

In particular, those with a specific interest in Android security, could earn a huge amount of money if they are able to find a qualifying vulnerability in Google’s Titan M security chip custom-built for the firm’s Pixel 3, Pixel 3a, and Pixel 4 smartphones:

Android Security Rewards expanded its program with new exploit categories and higher rewards. The top prize is now $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. And if you achieve that exploit on specific developer preview versions of Android, we’re adding in a 50% bonus, making the top prize $1.5 million.

$1.5 million? Wow. Of course, there are rules

Good luck, and don’t forget – if you’re lucky enough to win – that I’m the guy who told you about it.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.