Google announces its bug bounty program for third-party apps in the Play Store
NEW DELHI: Search giant Google has launched a bug bounty program for third-party applications in the Google Play Store. As part of the program, ethical hackers will be able to interact directly with the developers of popular apps through a common platform and can win a $1000 bounty reward for reporting critical vulnerabilities.
Bug hunters who wish to participate in the program can examine apps from the vendors and can then get at least $1000 for each bug they find. In addition to reporting the bug, the bug hunters also have to get it fixed. Once the bug is fixed, they can apply for the reward.
The company adds that not all flaws found will be rewarded. Flaws that expose the Android OS to exploitation will be eligible for the reward.
At this stage Google wants reports of remote-code-execution vulnerabilities for Android 4.4 devices and higher, and – if possible – proof-of-concept exploits should be provided. For the time being, only a few selected apps are part of the program. The list of apps includes Dropbox, Tinder and Snapchat. In the future, more apps will be added, provided the developers can commit to fixing the bugs as soon as they are reported.
Ankush Johar, director at BugsBounty.com, said, “The step taken by Google is appreciable as it will help in securing the Android ecosystem in general, but in no way does it protect the data of the customers on the apps and their servers. For example, if there is a flaw in Snapchat that exposes critical user data, there is no bounty reward for the researcher who finds it. The bounty program is strictly focused on the security of the Android OS and not the apps it supports.”
Source: https://www.gadgetsnow.com