Google has challenged researchers to check for vulnerabilities in some of its apps on the Android store. At its Playtime developers event, it recently announced a Google Play bug bounty program for researchers to look for bugs and vulnerabilities in some of Google's most popular apps.
This program is called the “Google Play Security Reward” program. It will cover apps built by Google as well as a few third-party apps. Hosted on the HackerOne platform, it will comprise 13 apps from eight developers, including Alibaba, Line, Snapchat, Dropbox, Duolingo, Headspace, Tinder, and Mail.ru.
Google will pay for any bugs security researchers find and report; no other developers have to pay for bounties. Google will pay up to $1000 per approved submission.
Google aims to make its Android platform more secure against vulnerabilities. It is planning to expand this bounty program to other developers and apps. More apps will be invited when the program is opened to all apps.
Google doesn’t want security researchers to inform developers about the bug before it’s fixed by the developers. According to Google:
“This program is only for requesting bonus bounties after the original vulnerability was resolved with the app developer.”
Google relies on the HackerOne platform to manage the back end of the program. HackerOne will handle report submissions and will invite white-hat hackers to participate in the program. You can find further details of the program here.
Google has already paid around $9 million through its bigger bug bounty program, which includes Chrome and Android itself, according to reports from January.