Google will match Apple in how much it will pay researchers who discover a hack that allows for remote control of its smartphones. It comes at a time when tech giants are in an arms race with private marketplaces and governments offering major returns for unique hacks.
Announced Thursday, the $1 million offer is for anyone who can show off a unique attack on its Pixel 3 and 4 phones, as long as they allow for persistent access to the device. Anyone hoping to receive the reward will have to break Google’s Titan M “secure element.” Similar to Apple’s iPhone Secure Element, Titan M is a security chip that acts as a kind of guardian for device data. It will, for instance, look out for hackers trying to load malware when an Android phone is turned on and will secure app passwords.
Google is also offering up to $1.5 million for exploits found on developer preview versions of Android. Rewards for successful hacks of those versions will be given a 50% bonus. Again, Apple announced something similar back in August. “Since [Android] Q was just released, we would be rolling this out on select developer preview builds for the next version of Android,” explained Jessica Lin from the Android security team.
Rewards of up to $500,000 are also on offer for specific attacks that result in data theft and lockscreen bypass. Benevolent hackers can find out how much they can earn via Google’s updated Android Security Rewards Program Rules page. Again, this will be limited to Pixel phones running the latest version of Android.
The program goes live today. But anyone hoping their already submitted bugs are in line for increased rewards is out of luck: Google will only give out the bigger bounties for research disclosed from November 21 onwards.