Jump to content
Timelord

Google Play Store Launches Bug Bounty Program

Recommended Posts

Posted
Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps.

Dubbed "Google Play Security Reward," the bug bounty program offers security researchers to work directly with Android app developers to find and fix vulnerabilities in their apps, for which Google will pay $1000 in rewards.
"The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem," the technology giant says in a blog post published today.

Google has collaborated with bug bounty platform, HackerOne, to manage backend for this program, like submitting reports and inviting white-hat hackers and researchers.
 

White-hat hackers who wish to participate can submit their findings directly to the app developers. Once the security vulnerability has been resolved, the hacker needs to submit his/her bug report to HackerOne.

Google will then pay out a reward of $1,000 based on its Vulnerability Criteria, wherein, according to the company, more criteria may be added in the future, creating more scope for rewards.
"All vulnerabilities must be reported directly to the app developer first. Only submit issues to the Play Security Rewards Program that have already been resolved by the developer." HackerOne said. 
"For now, the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof-of-concepts) that work on Android 4.4 devices and higher."
It is an unfortunate truth that even after so many efforts by Google, malicious apps continuously somehow managed to fool its Play Store's security mechanism and infect millions of Android users.
 

It's notable that Google Play Security Reward program does not include finding and reporting fake, adware or malware apps available on Google play store, so the program will not affect the increase in malicious apps on Google's app platform.

For now, a limited number of Android apps have been added to Google Play Security Reward Program, including Alibaba, Snapchat, Duolingo, Line, Dropbox, Headspace, Mail.ru and Tinder.

So what you are waiting for?

Roll up your sleeves and start hunting for vulnerabilities. For more details about Google Play Security Reward Program, visit HackerOne.
 
  • Upvote 3
Posted (edited)

In sfarsit ceva cu care sa ma joc :D

 

Nu prea inteleg totusi ... care sunt aplicatiile ce intra in acest program . 

 

Nu am citit tot, my bad.

Edited by tjt

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...