Google is increasing the reward for those who discover security flaws of its Android smartphones from $200,000 to a maximum of $1.5m.
The improved reward is payable to those who spot bugs in the Titan M security chip in Google’s Pixel smartphones, as well as meeting specific criteria.
Google revealed it had given out more than $4m to security researchers since 2015.
There are however concerns on how effective this new move will be in deterring people from making money from criminals.
Tech companies like Apple, Buzzfeed, Facebook, and Samsung, also offer rewards for reporting security flaws.
Companies run so-called bug bounty schemes to encourage people to report flaws so that they can be fixed, rather than selling the exploits to criminals.
The Titan M security chip in Pixel smartphones is designed to protect the integrity of their operating system and to store biometric data, which is used to unlock the phone.
To claim the $1.5m reward, a researcher would have to find a way to compromise that chip on a device running specific developer preview editions of Android.
However, one expert suggested the increased bounty was unlikely to change behavior.
Katie Moussouris, chief executive of Luta Security said, “Just like when Apple raised their bug bounty to $1m, Google’s move won’t compete with the ‘black market’ [of selling to criminals], which can raise prices any time.
“This price for external research raises questions for retention and recruitment of internal talent meant to prevent flaws.”
