Google's Android Security Rewards Program has been around since 2015, and has resulted in millions of dollars paid to security researchers who exploit issues on the mobile operating system. Today, the company is expanding the rewards researchers can get, and the most notable addition is a new reward that can be worth as much as $1.5 million.
Naturally, this reward is for a particularly challenging exploit. Google says it will pay $1 million to researchers who can perform a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices". The Titan M chip was first introduced with the Pixel 3, and according to data from Gartner, that device was rated as having strong security more than any other device tested. The bounty for this exploit can increase by 50% if it's performed on "specific developer preview versions" of Android, which would take the total reward to $1.5 million.
To have an idea of how much that is, Google says it paid a total of around $1.5 million in rewards during the past 12 months, which includes multiple bounties. The highest payout during that period was $161,337, and the average pay for the over 100 participating researchers was $3,800 per finding.
In addition to this very high reward tier, Google is introducing other new tiers with higher payouts than before. These include exploits involving data exfiltration and lock screen bypassing, and the rewards can go up to $500,000, which is still not too shabby.