Google's bug bounty rewards help it keep its services and products and thus its customers and users secure, so the company is always looking to expand the scope of those initiatives. After it already increased the payout of the Play Store and Chrome security bug-finding programs earlier this year, it has now decided to expand the Android Security Rewards and raise the maximum award.
The program covers Google's Android Pixel devices (sans the Pixel 4, for now) and focuses on security vulnerabilities discovered in the latest versions of the firmware. To increase incentives for white hat hackers, the company has added "a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices" — let's hope the dedicated security chip is robust enough to withstand such an attack. But if you do find a vulnerability like this on specific pre-release software, you can be awarded an additional 50% bonus, meaning the Android Security Rewards now top out at a maximum of $1.5 million.
Other than security issues related to the Titan M chip, the company has also added more categories to the program. Data exfiltration and lockscreen bypasses can be rewarded with up to $500,000, paid out in tiers according to the category of the exploit.
Google says that it has already paid out over $4 million to a total of more than 1,800 reports in the Android Security Rewards program alone. On average, it awarded $15,000 per researcher so far this year, which is already 20% more than last year.
The new rewards will take effect starting today. Any bug filed earlier will be treated according to the previous rules. Find out more about the Android Security Rewards and how to file bugs yourself on Google's website.