The Android 13 Beta was released to developers and early beta testers last week, and on the new version of the operating system, Google has promised to focus on privacy and security issues. Google recently expanded its Bug Hunter bounty hunter program, offering bounties of up to $1.5 million for the latest Android 13 beta release.
Google wrote on the official Bug Hunter website that this time Google has set a deadline from now until 5/27, as long as the security vulnerabilities unique to Android 13 Beta (that is, vulnerabilities that do not appear in other versions) are found, and Report to Google and Google verifies that it is eligible for the standard bounty bonus plus a 50% bonus. If you find the full hospital code execution vulnerability chain on a Titan M in a Google Pixel phone running the Android 13 beta, you can get a bounty of up to $1.5 million.
Google requires that in order to report qualifying bugs, reporters must include the keyword “Android 13 Beta” in the title of the report to ensure they are properly flagged for the bounty program. The list of eligible vulnerable items includes flaws found in the Android Open Source Project (AOSP) and other operating system code, as well as OEM library and driver code, system-on-chip (SoC), a microcontroller unit (MCU), and any Android devices Additional software that affects the security of Google devices and platforms.
Researchers are also eligible for additional rewards if they provide a complete exploit chain that combines multiple security vulnerabilities and demonstrates issues such as arbitrary code execution, data leakage, or bypassing the lock screen (implemented in software). The final reward amount for all reported bugs is at the sole discretion of the Google Rewards Committee and depends on several factors, including (but not limited to) the availability of buildable vulnerabilities, detailed documentation, attack vectors, and vulnerability reliability.