Google announced that it would reward researchers who find serious vulnerabilities in some popular apps on the Google Play Store. $1,000 will be paid for qualifying vulnerabilities.
The new Google Play Security Reward Program was launched by Google in partnership with bug bounty platform HackerOne.
The Google Play Security Reward Program is for now available to only a few applications whose developers have opted in to the program, such as Dropbox, Alibaba's AliExpress, Mail.ru, Snapchat, Line Messenger, the meditation app Headspace, the Duolingo language learning app and Tinder. All apps developed by Google are also eligible for a bonus reward. More apps will subsequently be added to the program.
Researchers who find a serious bug in one of these Android apps would first have to report their findings to the app developer through the developer's HackerOne page or self-managed bug bounty program. The researcher can then request a reward bonus from Google through its Play Security Reward Program.
"The program is limited to a selected number of developers at this time to get initial feedback. Developers can contact their Google Play partner manager to show interest," Google employees said in a blog post. "All developers will benefit when bugs are discovered because we will scan all apps for them and deliver security recommendations to the developers of any affected apps."
So far, only remote code execution vulnerabilities are eligible for the $1,000 bonus, though other types of security exploits would be added in the future. Developers are also to include a proof-of-concept (PoC), which must work on Android from 4.4 upwards, and developers must request the bounty bonus within 90 days of a patch made by the developer.