Six months ago, Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim’s phone number and email address. No one stepped up to the challenge.
While that might sound like good news and a testament to the mobile operating system’s strong security, that’s likely not the reason why the company’s Project Zero Prize contest attracted so little interest. From the start, people pointed out that $200,000 was too low a prize for a remote exploit chain that wouldn’t rely on user interaction.
“If one could do this, the exploit could be sold to other companies or entities for a much higher price,” one user responded to the original contest announcement in September.