
Google Will Pay You $1000 Bounty For Finding Bugs In Android Apps



You can earn a $1000 bounty for finding software bugs in Android apps

Google has launched (and is expanding) a new program with the aim of removing vulnerabilities from third-party apps on its Google Play Store. Titled the Google Play Security Reward Program, it will reward researchers $1,000 for discovering problems in Android apps and reporting them to Google.

“Through the programme, we will further improve app security which will benefit developers, Android users and the entire Google Play ecosystem,” said the search giant.

Google has maintained such bug bounty programs for a number of its platforms, such as Chrome and Chrome OS, among others. For now, this program’s scope is restricted to RCE (remote code execution) vulnerabilities and corresponding PoCs (proofs of concept) that work on Android 4.4 devices and higher.

“This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission,” Google said.

How it Works

Within the bug bounty program, a researcher needs to find a vulnerability in one of the covered apps. Once found, they will have to report it to the app developer via their current reporting process. The app developer will then work with the researcher to resolve the vulnerabilities found within 90 days. The researcher can then claim the bounty from Google, which will evaluate whether the report meets the program’s criteria before handing over the $1,000 reward.



“The programme will evaluate each submission based on the vulnerability criteria. A reward of $1,000 will be rewarded for issues that meet this criteria,” Google said. “We are unable to issue rewards to individuals who are on US sanctions lists or who are in countries (Crimea, Cuba, Iran, North Korea, Sudan and Syria),” it added.

For this program, Google is working alongside HackerOne, a vulnerability coordination and bug bounty platform. Developers can participate in the program only if they’re willing to respond to and help fix the vulnerabilities found in a timely manner. They will also need to follow HackerOne’s disclosure guidelines and provide reports with the required details. The apps currently in the scope of the program include Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder, with more to be added as time goes on.

“The Google Play Security Reward Programme recognises the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure,” said the firm.

Delwyn Pinto

A person proud to have an alternate view
