Google has announced a bug bounty program called ‘Google Play Security Reward Program’ to detect flaws in Android apps. Security experts have the chance to win $1,000 by finding vulnerabilities in the apps included in the program.
When a hacker finds a vulnerability in an app, they have to report it to the app developer. Once the issue is resolved, the hacker can claim the monetary reward from Google. The hacker who reports a bug first will be rewarded, and duplicate reports are not encouraged. However, the program is limited to remote-code-execution vulnerabilities, i.e., cases where code executes without the user’s permission, such as phishing attacks or monetary transactions through UI manipulation.
Google has only invited developers who have expressed interest in fixing bugs, so few apps are covered by the program. All apps developed by Google are included in the program.
In addition, eight popular apps are included in the bug bounty program: Line, Dropbox, Alibaba, Duolingo, Headspace, Mail.Ru, Snapchat, and Tinder. More apps might be added to the list with their developers’ consent. Interested developers have to contact their Google Play partner manager to opt in.
Earlier, Google had successfully hosted bug bounty programs for its Pixel devices, websites, Chrome browser, and Chrome OS. Do you think these programs will address Android’s security issues? Share your views in the comments.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us, she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.