Google has started its own Android hacking contest with the first place winner getting a hefty sum of $200,000. The contest is being run by Project Zero, Google’s team of security researchers responsible for documenting critical flaws with the company's software.
The competition is officially called the Project Zero Security Contest, and it is open to all residents of the United States. The contest is also open worldwide except for Italy, Brazil, Quebec, Crimea, Cuba, Iran, Syria, Sudan and North Korea. Google has published the official rules of the contest on its Project Zero blog.
“Entries must consist of a full exploit chain providing access to third-party application files in internal storage on both Nexus 6P and Nexus 5X devices from a remote vector, and a document explaining how the exploit works, including every bug in the chain,” Google listed as one of the many entry requirements. The exploit must also occur without user interaction, except for opening emails in Gmail or opening an SMS text in Messenger.
Entries must be submitted to email@example.com. Once an entry is confirmed, the contestant will be given a time to demonstrate the hack on live Nexus devices. The contestant will only be given the devices’ phone numbers and email addresses in order to demonstrate the exploit, according to CNET.
According to the contest guidelines, participants should also report all the bugs that they’ve discovered to the Android Issue Tracker. The participants will be able to include those bugs in their contest submissions, as pointed out by Android Headlines.
The second prize is $100,000, while the third is worth $50,000. All of the winners will also be allowed to publish a guest post on Project Zero’s official blog as well. Project Zero Security Contest will end on March 14, 2017.
Even though participants have been given six months to take part in the contest, it’s entirely possible that no one will win considering the amount of limitations set by Google and Project Zero, as pointed out by Android Police.