Google has started rolling out Android 12 to a handful of phones but in the very initial beta stage. This means it is an open opportunity for Bug Hunters to find out Bugs that might spoil the user’s smartphone experience or interfere with the phone’s processes. The company is now calling up security researchers to discover and report these security bugs under the Android Security Rewards Program with rewards of over Rs. 7 crores.
Security researchers who are eager in Google’s bug bounty programs will have to assess the latest Android 12 Beta 1 and Android 12 Beta 1.1 builds for Pixel devices. According to Google, the following devices are eligible for the bug programme:
- Pixel 5
- Pixel 4a
- Pixel 4a 5G
- Pixel 4
- Pixel 4 XL
- Pixel 3a
- Pixel 3a XL
- Pixel 3
- Pixel 3 XL
In its Android Rewards blog, Google has said that anyone who discovers a security vulnerability in the two new Android 12 builds between May 18, 2021 and June 18, 2021 will be qualified for a 50 percent bonus over and above the regular payout. Google has also demonstrated the kind of vulnerabilities that are considered eligible under the bug bounty program. These bugs comprise those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Other vulnerabilities in non-Android code may potentially be qualified if they compromise the Android OS’s security.”
Since payouts for discovering bugs depend on the severity of the vulnerability, Google has categorized reward amounts according to the exploits found in various parts and the payouts are as follows:
Google will also pay up to $100,000 if a security researcher can bypass the lock screen on the phone. Google has also illustrated that it will reward critical, high, moderate, and low severity vulnerabilities. Furthermore, the security researchers must ensure that they are discovering issues in an Android build that are not older than 30 days.