Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps
Better late than never.
Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps.
Dubbed “Google Play Security Reward,” the bug bounty program offers security researchers to work directly with Android app developers to find and fix vulnerabilities in their apps, for which Google will pay $1000 in rewards.
Google has collaborated with bug bounty platform, HackerOne, to manage backend for this program, like submitting reports and inviting white-hat hackers and researchers.
White-hat hackers who wish to participate can submit their findings directly to the app developers. Once the security vulnerability has been resolved, the hacker needs to submit his/her bug report to HackerOne.
Google will then pay out a reward of $1,000 based on its Vulnerability Criteria, wherein, according to the company, more criteria may be added in the future, creating more scope for rewards.
It is an unfortunate truth that even after so many efforts by Google, malicious apps continuously somehow managed to fool its Play Store’s security mechanism and infect millions of Android users.
It’s notable that Google Play Security Reward program does not include finding and reporting fake, adware or malware apps available on Google play store, so the program will not affect the increase in malicious apps on Google’s app platform.
For now, a limited number of Android apps have been added to Google Play Security Reward Program, including Alibaba, Snapchat, Duolingo, Line, Dropbox, Headspace, Mail.ru and Tinder.
So what you are waiting for?
Roll up your sleeves and start hunting for vulnerabilities. For more details about Google Play Security Reward Program, visit HackerOne.