Google Offers $1000 Bounty To Hackers For Finding Bugs In Android Apps


Google's bug bounty program has long rewarded developers who find vulnerabilities in Google's own websites and apps, for Chrome and Android. Now, the search engine giant is extending its bug bounty program to third-party Android apps in the hope of improving the quality of the apps in the Play Store.

Google pitches its operating system over others by claiming it is the most open platform. However, Android's greatest strength is also its biggest vulnerability, giving malicious content and malware an easy way in. Even after accelerated efforts by Google to improve its security offerings, Android continues to host some of the most malicious apps. However, the operating system is not the only culprit, as most of the security issues arise from the apps present in the Play Store.

Therefore, to at least limit such issues, Google, in collaboration with HackerOne, is offering $1000 for every issue that a hacker unearths in popular third-party apps. It is surely an attractive bug bounty for hackers, as the Play Store is known to have spammy apps. In March, Google removed over 100 apps from Google Play that contained hidden iframes linking users to nasty domains. The investigation led to a development platform with many developers involved. It was found that these malicious apps were downloaded more than a quarter million times.

Vineet Buch, director of product management for Google Play Apps and Games, told Reuters that Google is not just concerned about their own apps, but rather the overall health of the ecosystem. “It’s like offering a reward for a missing person even if you don’t know who the missing person is personally,” Buch said.

Hackers must submit their findings to the developers via the HackerOne bounty platform. Once the Google team confirms the bug and the developer has found a fix for it, the hacker will be rewarded $1000. For now, Google is opening only apps from selected developers to hackers looking for vulnerabilities. Apps such as Dropbox, Snapchat and Tinder are included in the bucket of apps that should be cleared of all bugs. As the program progresses, more apps will be included in the list.

“The program is limited to a select number of developers at this time to get initial feedback. Developers can contact their Google Play partner manager to show interest,” Google said, in a blog post. “All developers will benefit when bugs are discovered because we will scan all apps for them and deliver security recommendations to the developers of any affected apps.”

Further, Google noted that the program would, for now, be limited to code execution vulnerabilities on devices powered by Android 4.4 and above. Offering more clarity on the nature of the vulnerabilities that would be added to the reward program, Google said that all the fixes that can be downloaded and manipulated by an attacker to perform unauthorized transactions, or WebView-related bugs, would be considered for the rewards. However, bugs that depend on interaction between apps to launch the attack would not qualify for the reward.


About the Author

Aman Jain
Aman is an MBA (Finance) with experience on both the Marketing and Finance sides. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a Financial Research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket.
