Google announces that it will pay up to 160 million yen to Android bug finders
Google for Android Vulnerable Announcement of enhancement of Android bounty program Android Security Rewards . This change will pay up to $ 1.5 million for Android vulnerability discoverers.
Google Online Security Blog: Expanding the Android Security Rewards Program
Google will pay $ 1.5 million for the most severe Android exploits | Ars Technica
Google's new Android Security Rewards target is the “ Titan M ” vulnerability. Titan M is a security chip that has been adopted by Google smartphones since Pixel 3, and Google is pushing the drums, 'Pixel series with Titan M is the highest level of security on smartphones.'
The details of Titan M are described in detail in the following article.
Google Pixel 3 is equipped with a unique security chip `` Titan M '' at the data center level, ensuring the best smartphone security with software & hardware-GIGAZINE
Google said, `` Up to $ 1 million (about 100 million 865 million) for full-chain (no additional user interaction) remote code execution exploits with persistence that compromises the Pixel series Titan M secure element. Will be paid '. At the same time, we have established a new mechanism to add a 50% bonus to exploits found in Android-specific developer previews. With this, if you can discover exploits that infringe on Titan M on the developer preview version of Android, you will be able to get a reward of up to $ 1.5 million (about 160 million yen).
Apart from the exploit, $ 500,000 (about 54.33 million yen) for Titan M bugs that lead to lock screen avoidance and leakage of important data, other than Titan M $ 250,000 (about 27.16 million yen) Bounty is also available, and the total bounty for the two defects is $ 750,000 (about 81.5 million yen).
About this announcement, security researcher Saleem Rashid said, `` Vulnerability purchase company Zerodium pays only $ 100,000 (about 10.86 million yen) to avoid lock screen on iOS and Android, but Google is 7.5 times that (!) Will also be paid. '
for context: Zerodium will only pay $ 100,000 for a lockscreen bypass on either iOS or Android.— Saleem Rashid (@ saleemrash1d) November 21, 2019
Google are offering up to 7.5 (!) Times as much pic.twitter.com/38S6h1QO2K
In addition, “I think, we are witnessing a moment of paradigm shift in iOS and Android security,” praised Google's new efforts.
i think we're in the midst of an iOS / Android security paradigm shift https://t.co/N7UXaDHEc2— Saleem Rashid (@ saleemrash1d) November 21, 2019