Google has announced a bug bounty program called ‘Google Play Security Reward Program’ to detect flaws in Android apps. Security experts have the chance to win $1,000 by finding vulnerabilities in the apps included in the program.
When a hacker finds vulnerabilities in an app, they have to report to the app developer. Once the issue is resolved, the hacker can claim the monetary reward from Google. Also, the hacker who reports a bug first will be rewarded, and duplicates are not encouraged. However, the program is limited to remote-code-execution vulnerabilities, i.e., if any execution of code occurs without the user’s permission such as phishing attacks or monetary transactions through UI manipulation.
Google has only invited developers who have expressed interest in fixing bugs, so, the apps under the program are few. All apps that are developed by Google are under this program.
Moreover, eight popular apps that are included in the bug bounty program are Line, Dropbox, Alibaba, Duolingo, Headspace, Mail.Ru, Snapchat, and Tinder. More apps might be added to the list upon developer’s consent. Interested developers have to contact their Google Play partner manager to opt in.