Google Offers Up To $200K In Android Vulnerability Rewards Program
Google has launched a limited-time "bug chain" contest to root out security vulnerabilities in the Android OS, and will pay up to $200,000 for an Android "bug chain": one or more successful exploits of previously unknown vulnerabilities. The vulnerability rewards program, called "The Project Zero Prize," is seeking a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices' phone number and email address. Researchers must be able to hack a Nexus 6P and a Nexus 5X smartphone running any version of Android that is current during the six-month stretch. Successful submissions will be eligible for the following prizes:
- First Prize: $200,000 USD, awarded to the first winning entry.
- Second Prize: $100,000 USD, awarded to the second winning entry.
- Third Prize: At least $50,000 USD from Android Security Rewards, awarded to additional winning entries.
This contest will be structured a bit differently than other contests. Instead of saving up bugs until there’s an entire bug chain and then submitting it to the Project Zero Prize, participants are asked to report the bugs in the Android issue tracker. The participant can then use them as part of a submission at any time during the six-month contest period. Only the first person to file a bug can use it as part of their submission. Of course, any bugs that don’t end up being used in a submission will be considered, after the contest has ended, for Android Security Rewards and any other rewards program at Google they might be eligible for.
In addition, unlike other contests, the public sharing of vulnerabilities and exploits submitted is paramount. Participants will submit a full description of how their exploit works with their submission, which will eventually be published online. Every vulnerability and exploit technique used in each winning submission will be made public, Google said.
Interested? See the full contest rules here.