Google recently expanded its bug reward program to provide a reward of up to $1.5 million for Android 13 beta vulnerabilities Last week, the Android 13 beta opened to developers and early adopters, and Google promised that the new version would focus on privacy and security issues.
Google said in a tweet that all Android 13 beta vulnerabilities will receive an additional 50% reward and explicitly mentioned it on the Android project page. However, the page also added an important note: "the vulnerability must be unique to the Android 13 system and cannot be reproduced on other versions of Android".
However, the bug reward plan is also time limited, and the additional reward is limited to the vulnerability report provided before May 27. From the perspective of this reward figure, it is worth noting that $1.5 million is much larger than the highest Android vulnerability reward ever paid last year - $157000 is used for the key vulnerability chain in an unspecified component.
In 2019, it began offering $1 million to anyone who could hack into Titan M's security chip, which was equipped into a pixel smartphone( ) Yes. Specifically, it requires a "persistent full chain Remote Code Execution Vulnerability, which damages the Titan m security element on the pixel device".
But so far, no one has received this reward. Therefore, to get a $1.5 million bonus, ethical hackers need not only to subvert Titan m, which has never been subverted, but also to ensure that the vulnerability works on the Android 13 beta -- and only on the Android 13 beta.