The highest reward that you could attain for discovering as well as reporting a possible bug under Google’s bug reward program was $38,000 initially. The search giant kept on increasing the cap over time as Android stemmed in terms of popularity, more security scientists took part and more bugs were unearthed.
Now, yet again, Google has increased its topmost reward under the program to a whooping $1.5mn. Obviously, the company will not be shelling out the million+ reward amount for any bug.
Under this new bug reward category, the company is searching for a vulnerability which, without the hacker having any sort of physical access to an Android device, can execute a code even post a device gets reset and accesses the security chip in the Pixel phones.
A security scientist who reports such vulnerability will receive up to the sum of $1mn. And, there is a 50 percent bonus reward if they can report such an exploit on particular developer Android preview versions, bringing the max reward amount to $1.5mn.
Indeed, $1.5mn for just a single vulnerability sounds a lot. But, given the possible severity of busting through dedicated security chip on Google’s flagship Android version, a high payout like this does makes sense.