Request a Demo Contact Us
Need a Pen Test? Get Started Now!
Learn more
  • Contact Us
  • Blog
  • Researcher Portal
  • Customer Portal
  • Why Bugcrowd
    Bugcrowd story
    Why crowdsourcing is better
    Learn how one platform manages the crowd for virtually any use case
    The Bugcrowd difference
    Get continuous security testing and stay ahead of cyberthreats
    Our customers
    See why top organizations choose Bugcrowd to stay secure
    Featured resources
    Guide
    Ultimate Guide to Penetration Testing
    Security Flash
    Security Flash : Technical Deep Dive on Log4Shell
    eBooks
    Penetration Testing as a Service (PTaaS) Done Right
    Products
    Overview
    Bugcrowd Platform
    One platform for multiple security use cases
    Integrations
    See how the platform integrates with your existing systems
    Vulnerability Rating Taxonomy
    Learn about our industry-standard approach to prioritizing risks
    Products
    Penetration Testing
    Pen Test as a Service
    Web Application Pen Test
    Mobile App Pen Test
    Network Pen Test
    API Pen Test
    IoT Pen Test
    Cloud Pen Test
    Social Engineering Pen Test
    Bug Bounty
    Vulnerability Disclosure
    Attack Surface Management
    Featured resources
    Guide
    Ultimate Guide to Vulnerability Disclosure
    Report
    Priority One Report
    Guide
    The Ultimate Guide to Cybersecurity Risk Management
    Solutions
    use cases
    Application and cloud security
    Assess web apps and cloud services for hidden risk
    Vulnerability intake and coordination
    Go beyond managing—proactively find and remediate vulnerabilities
    IoT and Web3
    Innovate with confidence
    Marketplace apps
    Continuous, proactive security for
    marketplace apps
    Mergers & acquisitions
    Fast-track risk assessment for more secure transitions
    Social Engineering
    Shut down social engineering threats with training and pen testing
    industries
    Financial Services
    Healthcare
    Retail
    Automotive
    Technology
    Government
    Security Companies
    Role
    CIO–CISO
    Get deeper insights into unknown risks across your attack surface
    VP, Engineering
    Find and fix critical code and security risks faster than ever before
    Director, AppSec
    Drive more effective testing strategies across all use cases
    Researchers
    Hack with us
    Programs
    CrowdStream
    Bug Bounty List
    Start Hacking
    Help Wanted
    FAQs
    Learn with us
    Researcher Docs
    Bugcrowd University
    Community
    Leaderboard
    Featured resources
    Webinar
    Inside the Mind of a Hacker
    eBooks
    Bugcrowd Security Knowledge Platform
    Webinar
    Evolving Your Security Strategy to the Challenges of 2022
    Programs
    Resources
    Resources
    Resource Library
    Blog
    Webinars
    FAQ
    Featured resources
    Guide
    The Ultimate Guide to Managing Ransomware Risk
    Webinar
    Navigating the Uncharted Waters of Crowdsourced Security
    Report
    Cybersecurity Vulnerabilities in the Technology Sector
    Company
    Learn about us
    About Us
    Leadership
    Our Customers
    Partners
    Careers
    Contact Us
    Featured resources
    Report
    Pen Testing as a Service Product Review
    Guide
    The Ultimate Guide to Managed Bug Bounty
    Guide
    The Ultimate Guide to Attack Surface Management
  • Contact Us
  • Blog
  • Researcher Portal
  • Customer Portal
  • Try Bugcrowd
    Cybersecurity News

    Bugcrowd Founder on Google Increasing Android Bounty to $1.5 Million

    Nov 25, 2019 | By Bugcrowd
    Back to blog

    Last week, Google announced a bug bounty reward of $1 million to anyone who could carry out a full chain remote code execution exploit on the Titan M secure chip within Pixel devices (this comes shortly after Apple launched its own $1 million bounty at Black Hat USA this year). On top of that, they’re offering a 50% bonus if the researcher can carry out the hack on a version of Android that’s still in developer preview stages, making the top prize up to $1.5 million if you hadn’t already done the math.

    Hackers today have a few options with the bugs they uncover:

    1. Do nothing with bugs they find
    2. Use the exploits themselves
    3. Sell to an offensive buyer or get a job for one
    4. Sell to the defensive buyer or get a job with one.

    Casey Ellis, Bugcrowd founder, chairman, and CTO weighs in the motivations and increasing arms race for these bugs:

    When it comes to Google’s updated bug bounty reward program, it’s important to note that similar to Apple’s bug bounty program, the skills needed to find these types of vulnerabilities in Google devices are rare and often tied up in the offensive market–which is why the payout is so high.

    By upping the incentive to hackers, Google is making bug hunting for them more attractive, especially to those that might teeter the line between whitehat and blackhat. This also gives hackers who previously could have sold their discoveries to brokers like Zerodium or to international governments more incentive to help with the problem of defense, instead of leaving users vulnerable as they support the offensive market.

    At Bugcrowd, we love seeing so many established tech giants working with the whitehat hacker community, upping their incentives and competing head-to-head to match the effort that goes into finding these bugs, in an effort to create more secure products.

    Interested in running a program? Learn more about Bugcrowd Bug Bounty programs here: https://www.bugcrowd.com/products/bug-bounty/ 

    Tags:
    • Android
    • Apple
    • bug bounty
    • Google
    • researcher rewards
    • whitehat

    Latest Blog Posts

    ABP (Always Be Prepared) For Social Engineering Threats

    Learn more

    3 Key Components of Researcher Submission Templates

    Learn more

    How to get Private Invites on the Bugcrowd Platform

    Learn more

    Winner's Circle

    August 2019 Hall of Fame

    By Abigail Nguy, May 18, 2022
    Read more
    Uncategorized

    Spooky Bug!

    By Luke Stephens, May 18, 2022
    Read more
    Bug Bounty Management

    Why More Government Agencies Need Bug Bounty and Vulnerability Disclosure Programs

    By Bugcrowd, Jan 11, 2018
    Read more

    Subscribe for updates

    Products
    Penetration Testing
    Pen Test as a Service
    Web Application Pen Test
    Mobile App Pen Test
    Network Pen Test
    API Pen Test
    IoT Pen Test
    Cloud Pen Test
    Social Engineering Pen Test
    Bug Bounty
    Vulnerability Disclosure
    Attack Surface Management
    Solutions
    Financial Services
    Healthcare
    Retail
    Automotive
    Technology
    Government
    Security
    Researchers
    Programs
    CrowdStream
    Bug Bounty List
    Start Hacking
    FAQs
    Researcher Docs
    Bugcrowd University
    Community
    Leaderboard
    Resources
    Resource Library
    Case Studies
    Blog
    Webinars
    FAQ
    About
    About Us
    Leadership
    Our Customers
    Careers
    Partners
    Contact Us
    Why Crowdsourcing is better
    The Bugcrowd Difference
    Copyright ©2022 Bugcrowd
  • Security
  • Terms & Conditions
  • Privacy Policy
  • Do Not Sell or Share My Information
  • General Data Protection Regulation
  • Twitter
  • Facebook
  • Linkedin