Google Bumps Bug Bounty for Android 13 Beta

Google has increased its bug-bounty program to offer a whopping $1.5 million for Android 13 Beta exploit. To be precise, Hack of the Titan M security chip that ships with Pixel phones.

Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security.

The Internet giant announced a 50% bonus for all Android 13 Beta exploits and updated its Android program page to reflect the offer, adding an important caveat: “Vulnerabilities must be exclusive to Android 13 and must not reproduce on any other version of Android,”. Valid before May 27

Taking in to consideration, it’s worth noting that $1.5 million is exponentially larger than the  highest-ever bounty for an Android vulnerability, which was paid last year $157,000 for a critical exploit chain in an unspecified component.

The likelihood of seeing a payout that size is a long shot. That’s because it would be connected to the last time Google dabbled in big-bucks territory: In 2019, it began offering $1 million to anyone who could hack the Titan M security chip, which is embedded in Google Pixel smartphones.

To reel in the $1.5 million on offer, an ethical hacker would need to not only subvert the never-subverted Titan M, but also make sure the exploit works on Android 13 Beta and only on Android 13 Beta.

OEM code (libraries and drivers), Digital Car Keys, kernel, boot-loader, Secure Element code, TrustZone OS and apps, system on chip (SoC), MicroController Unit (MCU), Boot ROM, RAM memory, Flash memory, filesystem, Trusted Execution Environment (TEE), radio units, etc., are all considered eligible targets.