Google launched a new program which is known as “Google Play Security Reward” and under this program, Google will pay hackers and researchers $1,000 for finding a glitch in the Android apps
Google Will Pay You $1,000 To Hack Android’s Most Popular Apps
Researchers and hackers here is a good news for you. Google has just released a bug bounty programme after a long wait for finding vulnerabilities in Android applications. Let me tell you, not all apps are covered in the newly launched bug bounty programme: only a few largest and popular app, selected by Google, can be unleashed by the researcher.
Google launched a new program which is known as “Google Play Security Reward” and under this program, Google will pay hackers and researchers $1,000 for finding a glitch in the Android apps that will help Google to make Android community more secure.
So far apps likes, Alibaba, Snapchat, Duolingo, Line, Dropbox, Headspace, Mail.ru and Tinder have managed to make some space in Google’s new Play Security reward program. So, finally, it looks like Google has begun to take the right path to secure their Play Store by offering rewards to independent researchers.
Google on its App Security page stated: “Through the program, we will further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem.”
“For now, the scope is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher. This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission.”
This means that well-intentioned hackers, also called white-hat, may have more chances to develop their skills and still try to earn money lawfully. According to Google, if a researcher finds a vulnerability, he/she needs to report it to the developer of the app. After the app is fixed, the researcher needs to submit the bug report to Google Play Security Reward program.
For program rules and vulnerability criteria visit the Hackerone page. So, what do you think about this? Share your views in the comment box below.