CATEGORIES
home News

Google Offers $1,000 Bounty To Unearth Exploits In Top Google Play Store Apps

by Shane McGlaunFriday, October 20, 2017, 03:33 PM EDT

Google knows that exploits make it through the app development process and could be lurking in some of the most popular apps on the Google Play Store, waiting for a nefarious hacker to take advantage. To help weed out these vulnerabilities, Google has launched the Google Play Security Reward Program. Developers of popular apps are invited to opt-in to the program and if they do, Google will pay out  up to$1,000 for bugs found in those apps.

android robot

Google writes, "Developers of popular Android apps are invited to opt-in to the program, which will incentivize security research in a bug bounty model. The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem."

The way the program works is that the hacker has to identify the vulnerability of an app and report it to the developer via the appropriate vulnerability disclosure process. The app dev will then work with the hacker to patch the vulnerability, after which the hacker can request a reward from the Google Play Security Reward Program.

Google notes that the Android Security team will issue additional rewards to the hacker for improving overall Google Play security. The rules stipulate that all vulnerabilities must be reported directly to the app developer first. Not all apps qualify, with Google writing, "Only developers who have expressed a commitment to fixing bugs which are disclosed to them have been invited to the program. It is the responsibility of each developer to respond and fix bugs in a timely manner."

Google has partnered with HackerOne for this program and as such, HackerOne's rules have to be followed as well. The first person who submitted the vulnerability gets the reward. Google does say that the reward is $1,000, but also notes that "reward amounts are at our discretion."

There are limits to the scope of the reward program, "For now, the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher."

"This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission."

Some of the major apps that are participating in the program right now include Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.Ru, Snapchat, and Tinder. Other apps could be added, and you can check the source below for new apps. Google Play has a big problem with nefarious apps, and recently, the Android.Sockbot exploit was discovered in apps with large install bases.

Tags:  Android, Google, security, Apps, Google Play
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment