Google has published the new terms of the Android Security Rewards program, designed to stimulate the search for vulnerabilities in its smartphones. The program now includes Pixel 4, Pixel 3a, Pixel 3a XL, Pixel 3 and Pixel 3 XL devices.
The program applies to previously undetected errors in the software running on the listed smartphones. More specifically, errors found in AOSP code, OEM libraries and drivers, the kernel, Secure Element code, TrustZone OS and its modules. In addition, those who find errors in the chipset firmware may be rewarded if these errors can affect the security of Android.
As for the amount, it depends on which particular element of the security system is hacked. Most of all – up to $ 1 million – relies on the hacking of the Pixel Titan M chip. Vulnerabilities in the Secure Element, Trusted Execution Environment and the kernel can bring researchers who discover them up to $ 250,000 each. Finding a weak spot in privileged processes, you can get up to $ 100,000. If the possibility of hacking is demonstrated in certain preliminary versions of Android for developers, a premium of up to 50% of the principal is expected.
You can read the full terms of the program on Google.