Google challenges techies to find security bugs in Android 12, offers 7 crore prize money

By Lokmat English Desk | Published: May 27, 2021 08:00 PM2021-05-27T20:00:00+5:302021-05-27T20:00:00+5:30


Google now wants techies to find and report these security bugs under the Android Security Rewards Program with rewards of over Rs 7 crore if they find serious bugs.

Security researchers who are interested in Google’s bug bounty programme will need to analyse the latest Android 12 Beta 1 and Android 12 Beta 1.1 builds for Pixel devices.

In its Android Rewards blog, Google has said that anyone who finds a security vulnerability in the two new Android 12 builds between May 18 and June 18 will be eligible for a 50 per cent bonus over and above the standard payout.

The Android Security Rewards Program covers bugs in code that runs on eligible devices and is not already covered by the company’s other reward programmes.

The eligible devices, as per Google, for the bug programme are, Pixel 5, Pixel 4a, Pixel 4a 5G, Pixel 4, Pixel 4 XL, Pixel 3a, Pixel 3a XL, Pixel 3 and Pixel 3 XL

Google has also mentioned the kind of vulnerabilities that are deemed eligible under the bug bounty programme.

These bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules.

Some other vulnerabilities in non-Android code may also be eligible “if they impact the security of the Android OS.”

Google will hand out bonus rewards for a full exploit chain, the details of which are given in detail on the Android Security Rewards Program website.

Since payouts for finding bugs depend on the severity of the vulnerability, Google has classified reward amounts according to the exploits found in different parts of the operating system. Google will also pay up to $100,000 if a security researcher manages to bypass the lock screen on the phone. This involves bypass exploits achieved using software that can also affect other devices. Spoofing using synthetic biometric solutions such as fake masks or fingerprints will not be eligible for rewards.