Google Announces Bug Bounty Program for Third-party Applications in Play Store

Google has taken the much-awaited step of launching a bug bounty program for third-party applications in the Android Play Store. In this program, ethical hackers will interact directly with the developers of popular apps via a common platform and are in for a $1,000 bounty reward for reporting critical vulnerabilities.

Google announced its bug bounty program, saying that the goal of the program is to further improve app security, which will benefit developers, Android users, and the entire Google Play ecosystem.

Bug hunters who want to participate in the program can examine apps from the vendors and can get at least $1,000 for each bug they find. However, they not only have to report the bug but also get it fixed; only after that can they apply for the reward.

Besides this, not all flaws will get the bounty; only the ones that expose the Android OS to exploitation qualify. At this stage Google wants news of remote-code-execution vulnerabilities (vulnerabilities that may allow an attacker to execute custom commands on victims' devices and steal their data or cause denial of service) for Android 4.4 devices and higher, and, if possible, proof-of-concept exploits should be provided.

For now, only selected apps are included in this program. These include the likes of Dropbox, Tinder and Snapchat. In the future, more apps will be added, provided the developers can commit to fixing the bugs as soon as they are reported.
