The tech giant stated in its Android Rewards blog, that anyone who discovers a security vulnerability in the two latest Android 12 builds between 18 May and 18 June who are eligible for a 50 percent bonus over the standard payout. The Android Security Rewards Program will cover any bugs in the code that is present on eligible devices and that has not been already covered by Google’s other reward programmes.
The eligible devices for the bug programme include Pixel 5, Pixel 4a, Pixel 4a 5G, Pixel 4, Pixel 4 XL, Pixel 3a, Pixel 3a XL, Pixel 3 and Pixel 3 XL.
Google has also stated the types of vulnerabilities that are considered eligible under the Bug Bounty programme. These bugs will also take into account those in AOSP code, OEM code, the kernel, the Secure Element code, and the TrustZone OS and modules.
Other vulnerabilities however, like those in non-Android code might not be eligible for the programme “if they impact the security of the Android OS.” The company has announced that it will hand out bonus rewards for a full exploit chain, more information can be found on the Android Security Rewards Program website.
Since payouts for identifying bugs depend on how severe the vulnerability is, Google has categorised reward amounts as per the exploits found across sections of the operating system. Google will pay around $100,000 if a researcher is able to bypass the lock screen on the smartphone. This will include bypass exploits that the researcher attains leveraging software that can also impact other devices. Spoofing with the help of synthetic biometric solutions like masks or fingerprints won’t be eligible for rewards.