Google announces 7 crore prize money for techies to find security bugs in Android 12
The tech giant Google is now challenging techies to identify and report security bugs under the Android Security Rewards Program. The techies will be rewarded with prize money of over 7 crores if they can detect serious bugs in the devices.
To participate in Google’s bug bounty programme, security researchers will have to analyse the latest Android 12 Beta 1 and Android 12 Beta 1.1 builds for Pixel devices.
Google has also talked about an additional 50 per cent bonus in its Android Rewards blog. The company said that whosoever finds a security vulnerability in its two new Android 12 builds between May 18 and June 18 will be eligible for a 50% bonus over and above the standard payout.
The Security Rewards Program by Android will only cover bugs in code that runs on eligible devices. It will not consider bugs in code already covered by the company’s other reward programmes.
The eligible devices for Google’s bug programme are the Pixel series starting from Pixel 5, Pixel 4a 5G, Pixel 4a, Pixel 4 XL, Pixel 4, Pixel 3a, Pixel 3a XL, Pixel 3 and Pixel 3 XL.
In its Android Rewards blog, Google has also specified the type of vulnerabilities that are considered eligible for the bug bounty programme.
These bugs will include those in AOSP code, OEM code, the Secure Element code, the kernel, and the TrustZone OS and modules.
Under the bug bounty programme, some other vulnerabilities in non-Android code may also be covered and that is when “they impact the security of the Android OS”
The complete details about Google’s bonus reward for a full exploit chain are mentioned on the Android Security Rewards Program Website.
According to Google, the payouts for identifying bugs will depend on the severity of the vulnerability and for this Google has classified reward money as per the exploits found in various parts of the operating system. If a researcher manages to bypass the lock screen on the phone, Google will pay him up to $ 100,000. This will include bypass exploits achieved using software that can also impact other devices. Lastly, spoofing using synthetic biometric solutions such as fingerprints or fake masks will not be eligible for rewards.