Since 2015, Google rewards those people outside its company and are able to detect any vulnerability in Android. Thus, through its Android Security Rewards (ASR) program, the company has launched a new reward: it will pay up to a million dollars to anyone who finds a specific bug in its operating system.
According to the company’s official blog, the idea is to carry out a full chain remote code execution exploit with persistence that could affect the Titan M chip, integrated in the Google Pixel 3, Pixel 3a and Pixel 4 phones, its latest model.
This reward program, as explained by Google, “covers errors in the code running” on these devices, including AOSP code bugs, OEM code (libraries and drivers), kernel, secure element code and TrustZone operating system.
Similarly, Google will offer an extra reward for anyone who finds and reports a complete chain of exploits – multiple vulnerabilities chained together, they explain – that demonstrates “arbitrary code execution, data leakage or a bypass on the blocking screen”. Whether or not to receive the full amount of Google’s reward will depend on the degree of detail given to the company.