
Google boosts bug bounties for Play Store apps

Security researchers could be in for a major payday after Google revealed an increase in its bug bounty rewards.

The company wants to encourage firms to help find bugs on the Play Store by increasing the scope of its Google Play Security Reward Program (GPSRP) to all apps on its store with 100 million or more installs.

The search giant has also launched a new program in collaboration with HackerOne called the Developer Data Protection Reward Program (DDPRP) aimed at finding data abuses in Android apps, OAuth projects and Chrome extensions.

Since the launch of its bug bounty program in 2010, Google has already paid security researchers over $15m and GPSRP has already paid out over $256k in bounties so far. By adding popular Android apps to the program, the company is making them eligible for rewards regardless of whether the app's developers have their own vulnerability disclosure or bug bounty program.

In exchange for paying out a bug bounty, Google will use the vulnerability data collected by security researchers to help create automated checks that scan all of the apps in the Play Store for similar vulnerabilities. Developers whose apps contain bugs are notified via the Play Console and the App Security Improvement (ASI) program will provide them with information on the vulnerability and how to fix it. Back in February, Google revealed that ASI has already helped more than 300k developers fix over 1m apps on Google Play.

Developer Data Protection Reward Program

In addition to expanding its current Android bug bounty program, Google also launched DDPRP to identify and mitigate data abuse issues in Android apps, OAuth projects and Chrome extensions. Instead of finding vulnerabilities, this program will reward security researchers who find and report apps which have violated Google Play, Google API or Chrome Web Store Extensions program policies.

Those who can find verifiable evidence of data abuse could get paid. On the DDPRP page on HackerOne's website, Google highlights apps that access a user's contacts and do not treat this data as personal or sensitive data, as well as apps that violate its permission policy by using contact data without a user's permission for another service unrelated to the original app.

The company did not provide a maximum reward amount but depending on its impact, a single report could earn a security researcher a $50k bounty.

Android apps and Chrome extensions that abuse users' data will be removed from their respective stores, and if a developer is also found abusing access to Gmail restricted scopes, their API access will be removed.

Via VentureBeat
