Google is offering up to $350,000 (£264, 250) in rewards for those who find a vulnerability or bug chain in the Nexus 6P and 5X. The contest, dubbed Project Zero, began at 12 am PT Zone in the US on 13 September and ends at 11:59 pm on 14 March next year.
Contestants will need to report the vulnerability by knowing only the Nexus device's phone number and email address. The winner of the contest will be eligible to receive $200,000, whereas the runner-up will get $10,000, awarded by the Android Security Rewards. The third prize is worth at least $50,000. In addition to that, participants who submit a winning entry would be provided with an opportunity to write a short report in their entry, which would be posted on the Project Zero Blog.
Participants have the liberty to work in groups, but Google will give the prize money to the person who submits the entry. The entry must have a full exploit chain with access to a third-party application files in the internal storage of the Nexus 6P and 5X.
Participants will need to report the bug in the Android issue tracker. It can then be used as part of the submission by the participant during the six-month contest period. The person who files a bug can use it as part of his or her submission. The bugs that are not used in a submission would be considered for Android Security Rewards.
Participants will need to submit a description of how their exploit works along with their bug submission. Google says each vulnerability and exploit used in the winning submission will be made public.
The Project Zero team says the goal is to know more about how the bugs and exploits work. "We're hoping this contest will improve the public body of knowledge on these types of exploits. Hopefully this will teach us what components these issues can exist in, how security mitigations are bypassed and other information that could help protect against these types of bugs ," Natalie Silvanovich from the Project Zero team said in a statement.
Google also hopes to fix the notorious bugs discovered in the contest as such contests throw up bugs that are less commonly reported. Head over to the official blog to know more about the rules of the contest.