Google has introduced a new program to help root out vulnerabilities in third-party apps in its Google Play storefront. The “Google Play Security Reward Program” will pay researchers who discover problems in popular Android apps found in the store.
Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying thousands of dollars for vulnerabilities. Developers of popular apps are invited to opt in to the program to “proactively improve the security of some of the most popular Android apps on Google Play!”
The company is collaborating with the vulnerability coordination and bug bounty platform HackerOne. Developers can participate only if they are willing to respond to and fix the bugs in a timely manner, follow HackerOne’s disclosure guidelines and provide detailed reports. Presently the following apps are eligible for rewards as per HackerOne.
The program might change, so please refer to the original program on HackerOne!
We hope Google will expand this program to a wider choice of apps, as in today’s world we are seeing a lot of botnets and threats from apps directly available on the official app stores themselves.
According to HackerOne, hackers will identify app vulnerabilities and report them to the developer, and both work out a resolution within 90 days. The hacker then requests a reward from the program. Once the report is evaluated and found to meet Google’s criteria, the finder will be awarded $1000.
Please refer to our upcoming research report on #AndroidSockbot.
Keep Defending!