Google is currently offering a Bug Bounty Program for apps on Google Play and affiliating with HackerOne to create the Google Play Security Rewards Package realism. While the title of the program might recommend that Bug Bounty Program will be after exposures in Google’s official Android app shop, in realism they will be requested to unearth bugs in all of Google’s apps presented on Google Play, as well as a short list of other widely held ones. “The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem,” according to a HackerOne post.
Presently in choice are the Line, Dropbox, Alibaba, Headspace, Duolingo, Snapchat, Tinder, and Mail.Ru apps, but the list is possible to grow in time.
Already, a number of apps are included in the program. But the program isn’t confined to third-party apps – Google will include first-party apps in the initiative as well. “Designers of prevalent Android apps are requested to opt-in to the program, which will incentivize security study in a Bug Bounty Program. The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem,” Google noted.
Google promises $1,000 for each problem that encounters its standards, but Bug Bounty Program predators can’t just select a spammy app to cash in. For the moment, the program is limited to a select number of developers to get initial feedback. A Google strategy is to invite more apps in the future, but they have to be ready to patch any weakness originate. That means you can’t be influenced by on the program to patch-up the problems in your desired low-quality app.