Titan M2 is a totally different thing where they did away with the Cortex secure element. They were probably working on that for at least 2-3 years before Pixel 6 launch and had Pixel 7 in development already, etc. so they see it as older than the public sees it based on launch.
Conversation
They don't state it on the page but I doubt they will pay out the stated bounties for issues not impacting the most recent Pixels since they'll see it as something they addressed already. They can't go back in time and upgrade hardware they already sold, but they mostly moved on.
2
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
It has a lot of impact but whether it will be relevant going forward definitely sways the bounties. If you report a mem corruption bug in a C++ component that they've internally rewritten in Rust, they are probably going to see it as something they already addressed internally.
2
And I mean even if they haven't shipped the improvements eliminating it, they'll see it as essentially resolved internally already. The vast majority of their engineers are focused on the latest and greatest code and don't really do much work on the stable releases, etc. at all.
2
We have a lot of communication with people there and the fact that we're using stable releases while they're spending nearly all their time on much newer stuff is a communication issue. To them Android 13 is already old news and they're way past that already working on new stuff.
1
A few months ago, they gave us a rebuild of the keystore HAL with a bug fix for a security feature. They gave us both Android 12.1 and 13 libraries. Android 13 was just released 2 days ago. They didn't actually ship the fix for 12.1. We have to check if it's in 13. Takes so long.
1
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
This Tweet was deleted by the Tweet author. Learn more
This Tweet was deleted by the Tweet author. Learn more
For the OS, the anti-rollback counter is the security patch level interpreted as an integer i.e. currently 20220805 but it's stored by the secure element and is only enforced when locked so you can unlock and install an older OS version.