Google Starts New Security Reward Program for Android Apps

Google Play Store starts Bug Bounty Program for Apps

Today the Google security team announced the launch of a new bug bounty program for Android applications in the Google Play Store. The program is open to random developers and a chosen group of researchers.

In a public blog post the company announced "". We had all been awaiting that event for some years, because the quality of the applications in the Google app store went down massively during the last years.

Scope
The current scope of the program is limited to code execution vulnerabilities that must be triggered via a vulnerable Android app. A second condition of the program scope is that the issue must bypass the sandbox and be exploitable on Android version 4.4 at minimum. If a participant's report meets all the conditions, a bug bounty of about 1000$ will be paid.
 
Google Play Security Reward Program Rules
The Google Play Security Reward Program recognizes the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure. All Google’s apps are included and developers of popular Android apps are invited to opt-in to the program. Interested developers who aren’t currently in the program should discuss it with their Google Play partner manager. Through the program, we will further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem.
 
In recent years security researchers have been able to scan, manually check or fuzz all Google apps like Gmail, Google Calendar, AdWords and other internal business apps. The new program is also open to other developers, but obviously only for the most popular apps owned by Google. At present only eight app developers from Google are involved in the program, but it looks like others will soon follow. Google said in an official news post that no vulnerability had been reported to the program in the 24 hours after the program started.
 