Android Hackers: Google Offers $1000 Bug Bounty for Apps

Rodiano Bonacci
Ottobre 22, 2017

For those hackers in the need of some extra cash, Google has a challenge for you. The Google Play Security Reward Program will now only pay out for remote code execution (RCE) vulnerabilities that are shown to work on Android 4.4 and later without requiring the installation or use of a second app.

"The Google Play Security Reward Program recognises the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure", the tech giant said on its website late on Thursday.

So, how are hackers going to be rewarded for dropping a white hat?

The Google Play Security Reward Program is part of Google's ever expanding attempts to continue improving security on Android, with this program in particular focusing on improving the security of high profile apps on the Google Play store.

The researcher identifies vulnerability within an in-scope app and reports it directly to the app's developer via their current vulnerability disclosure or bug bounty process.

Only eight developers have opted into the program so far, including Tinder, Snapchat, and Dropbox. Once the issue has been resolved, the app developers will pay you, and then Google will chip in a $1,000 bonus on top of whatever you were already paid.

Furthermore, Google will collate data on all the reported breaches and will share them with other developers who may have encountered the same problems. There are some limitations to this, however, the system is sort of "First-Come-First-Serve".

The program also now only extends to the 13 popular app's developers.

Over the past year we have seen an absolute slew of companies launching new bug bounty programs, and we're pleased to see that Google is adding another one to the list, the Google Play Security Reward Program.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE