Google launched Google Play Security Reward bug bounty program to protect apps in Play Store

cyber

Google has launched Google Play Security Reward, the bug bounty program that will pay $1,000 rewards
for flaws in popular apps.

Google has officially launched a bug bounty program for Android apps on Google Play Store, a measure that aims to improve the security of Android apps. The initiative, called Google Play Security Reward,will involve the security community in finding and reporting vulnerabilities in some of the most popular Android apps available in the official store.

The Google Play Security Reward offers security researchers to work directly with Android app developers to find and fix security issues in their applications, the experts will receive $1000 in rewards.

“The Google Play Security Reward Program recognizes the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure. ” read a blog post published by Google.

“All Google’s apps are included and developers of popular Android apps are invited to opt-in to the program. Interested developers who aren’t currently in the program should discuss it with their Google Play partner manager. Through the program, we will further improve app security which will benefit developers, Android users, and the entire Google Play ecosyste

The Google Play Security Reward Program is operated in collaboration with the bug bounty platform HackerOne.

Everyone that wants to participate the bug bounty program can submit his/her findings directly to the app development team. Once the vulnerability has been fixed, the expert only needs to submit his/her bug report through the HackerOne platform.

According to the Google Vulnerability Criteria, the experts will receive their $1,000 rewards. Currently, the program is focused on finding RCE (remote-code-execution) vulnerabilities and related exploit codes that work on Android 4.4 devices and higher. An attacker must to able to run arbitrary code on a user’s device without user knowledge or interaction.

To read the original articel:http://securityaffairs.co/wordpress/64545/mobile-2/google-play-security-reward.html

Laisser un commentaire

Next Post

Cisco addresses a critical vulnerability in Cloud Services Platform (CSP)

Cisco patched critical and high severity vulnerabilities in several products, including the Cloud Services Platform (CSP). Cisco patched critical and high severity vulnerabilities in several products, including the Cloud Services Platform (CSP), the Firepower Extensible Operating System (FXOS) and NX-OS software, and some Small Business IP phones. The most severe […]