What you need to know
- Google is expanding the Android Security Rewards program.
- The biggest possible bug bounty under the program is now $1.5 million.
- There are also other new types of prizes, relating to data exfiltration and lock screen bypass, which go up to $500,000.
Google's bug bounty program for Android, known as Android Security Rewards, has given out over $4 million in the four years since its launch, comprising of more than 1,800 individual reports. The company now wants to build on that success by expanding the program and adding higher-yield rewards to entice more researchers to probe the company's existing security architecture.
The most substantial reward under the program now relates to the company's integrated security chip for its Pixel line of smartphones — the Titan M — which it says has accorded the Pixel 3 the privilege of having the strong rating for built-in security among the current crop of flagship devices. Any researchers that can demonstrate "a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices" will be eligible for a $1 million payday.
That number — alongside other possible rewards — can be further augmented by 50% if the exploit can be replicated on specific developer preview versions of the OS. All in all, that means the largest possible reward for the program is now a whopping $1.5 million. Given that this is likely a rather niche target — and may be particularly difficult to achieve, given Google's confidence in the Titan M chip — the company is also offering a variety of new rewards for other types of vulnerabilities relating to data exfiltration and lock screen bypass. These can go up to $500,000 per report, based on the nature of the exploit. The specifics of these may be found here.
The changes to the program, which has paid out a combined $1.5 million to more than 100 different researchers within the last year, are set to go live on November 21, 2019. Any bounties reported after this date will be based on the new rules. Unfortunately, however, if you discovered and reported an exploit before this date, you will be paid based on the previous scale.
We may earn a commission for purchases using our links. Learn more.
Android AirDrop competitor Nearby Sharing gets shown off in hands-on video
Thanks to the guys over at XDA-Developers, we are getting a first look at Android's upcoming AirDrop competitor Nearby Sharing, formerly Fast Share.
YouTube moderators have to acknowledge growing risk of PTSD — or else
Accenture, the firm behind YouTube's moderation services, has been found forcing its contractors to sign a document acknowledging the potential for mental health decline. While pitched as voluntary, deferring contractors have been threatened with firing.
When will my phone get Android 10?
Android 10 is here! So, why isn't it on your phone yet? Here's a breakdown of which phones are confirmed to get the update and when you can look forward to it.
The Xperia 1 is our favorite phone for shooting video
If video recording is your thing, then look no further than the Sony Xperia 1 — it offers a large screen, three great cameras, and extremely robust manual video controls.