Since 2015, Google rewards those outside its company and are able to detect some vulnerability in Android. Thus, through its program of Android Security Rewards (called ASR), the company has launched a new reward: it will pay up to one million dollars who finds a specific bug in their operating system.
As reported through his official blog and collects Andro4All, it's about carrying out a exploit full-chain remote code execution with persistence that may affect the Titan M chip, integrated into the Google Pixel 3, Pixel 3a and Pixel 4 phones, its latest model.
This rewards program, as explained by Google, "covers code errors running "on these devices, including code bugs AOSP, the code OEM (libraries and controllers), the kernel, the secure element code and the TrustZone operating system.
Similarly, Google will offer a extra reward for those who find and report a complete chain of exploits – multiple vulnerabilities chained together, as they explain – that demonstrates "the execution of arbitrary code, the filtering of data or a bypass on the lock screen".
Also, receiving or not receiving the total amount of the Google reward will depend of the degree of detail That is offered to the company.