I haven’t heard about google testing hardware based attacks on their chips, which I suppose could be caused by android running on a wide variety of chips instead of a few home-developed ones. Next to that Apple has had a bug bounty program for ages, that pays well and covers a wide range of attacks. Not hosting open hackathons has perhaps something to do with public brand image, but Apple shouldn’t be discredited regarding rewarding the findings of bugs and exploits.