Google says that the bug bounty program it runs to reward researchers who find security vulnerabilities in its software and services is working well.
In what it described as “another record-breaking year”, Google dished out over $6.5 million to bug-hunters through its various Vulnerability Reward Programs.
If you like the idea of taking a large chunk of change out of Google’s coffers, and helping to improve security for millions of internet users at the same time, then you could do a lot worse than check out how the company has increased its reward payouts.
In particular, those with a specific interest in Android security, could earn a huge amount of money if they are able to find a qualifying vulnerability in Google’s Titan M security chip custom-built for the firm’s Pixel 3, Pixel 3a, and Pixel 4 smartphones:
Android Security Rewards expanded its program with new exploit categories and higher rewards. The top prize is now $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. And if you achieve that exploit on specific developer preview versions of Android, we’re adding in a 50% bonus, making the top prize $1.5 million.
$1.5 million? Wow. Of course, there are rules…
Good luck, and don’t forget – if you’re lucky enough to win – that I’m the guy who told you about it.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.