Google has announced that it will pay up to $1.5 million to hackers and security researchers who find flaws or bugs in its Pixel series of smartphones.
Rewards start at $500 for reporting moderately severe vulnerabilities and go up to $8,000 for security researchers and hackers who find and report critical bugs that can also compromise its new Titan M security chip. It will also offer up to $30,000 for exploits than can compromise TrustZone or Verified Boot.
Google has paid out more than $4 million since the launch of the first bug bounty program in 2010.
If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.
Besides introducing a $1.5 million reward for Titan M remote hacks and increasing bug bounties, Google is also adding another bug reporting category.
The OS maker says it’s willing to pay up to $500,000 for bug reports involving data exfiltration and lock screen bypasses, depending on the bug’s complexity.
Google’s willingness to increase bug bounty payouts is certainly rooted in the company’s confidence in the fact that Android is secure enough not to fall prey to easy hacks.
Either way, Google has not been shy and has been one of the companies with the largest payouts on the market. Since the Android VRP’s launch in 2015, Google said it paid researchers up to $4.5 million, with $1.5 million being paid in the past 12 months alone.
The Titan Security Key itself was even a victim of Google’s persistent security woes. In May, the company recalled Bluetooth versions of the device after finding a vulnerability that allows attackers in close proximity to take control of the device.
Also Read: Google to bring Smart Compose to Google Docs