Google said it has announced a top prize of $1 million for “a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Additionally, the company will be launching a specific program offering a 50% bonus for exploits found on “specific developer preview versions of Android,” taking up its top prize to now $1.5 million.
For the uninitiated, Google introduced the Android Security Rewards (ASR) program in 2015 to reward researchers who find and report security issues to help keep the Android ecosystem safe. Over the past 4 years, Google has awarded over 1,800 reports, and paid out over four million dollars.
Guang Gong was awarded the top paid out in 2019 ($161,337) from the Android Security Rewards program. Moreover, 100+ participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year).