New program to root out vulnerabilities in third-party apps on Google Play

New program to root out vulnerabilities in third-party apps on Google Play
Source: The Verge
Date: 23-10-2017 Time: 01:10:43:am

Google is introducing a new program to help root out vulnerabilities in third-party apps in its Google Play storefront.

The Google Play Security Reward Program will pay researchers who discover problems in popular Android apps found in the store.

Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying thousands of dollars for vulnerabilities. Developers of popular apps are invited to opt-in to the program to “proactively [improve] the security of some of the most popular Android apps on Google Play.”

The company is collaborating with vulnerability coordination and bug bounty platform HackerOne.

Developers are only able to participate if they’re willing to respond to and fix the bugs in a timely manner, must follow HackerOne’s disclosure guidelines and provide detailed reports.

Presently, Alibaba, Dropbox, Duolingo, Headspace, Line,, Snapchat, and Tinder are eligible for rewards, but Google says that this list will expand with time.

According to HackerOne, hackers will identify app vulnerabilities and report it to the developer, and both work out a resolution within 90 days. The hacker then requests a reward from the program. Once it’s evaluated and found to meet Google’s criteria, the finder will be awarded $1000.

Share this story

Leave a comment

What others are reading
Compensate nursing mother for beating, trauma – Shocked NCCE charges
Neymar: Brazil's World Cup exit left me in mourning
A balm for death...In memory of Prof. Atukwei Okai