Google offers $1000 bounty for Android Apps bug hunters!

Google offers $1000 bounty for Android Apps bug hunters!

Google is all set for a bounty program to hunt bugs in android apps. The initiative is a collaboration with HackerOne offering a loot of amazing $1000!

The internet giant Google is gearing up for a bug-free experience by launching a new initiative!

Google has launched a new bug bounty programme for security experts. Wherein the company will pay $1,000 for finding security flaws in Android apps and then reporting it to in house researchers.

The Google Play Security Reward Programme recognizes the contributions of security researchers who invest their time and also effort in helping us make apps on Play more secure,” the tech giant said on its website late on Thursday.

All the in house apps find inclusion in the drive alongside invitation to developers of popular Android apps.

The parties will opt-in to the programme kick starting  in partnership with HackerOne.

“Through the programme, we will further improve app security which will benefit developers, Android users and the entire Google Play ecosystem,” the company said.

For now, there is a limitation of scope to R.C.E. (Remote-Code-Execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.

“This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user`s device without user knowledge or permission,” it said.

This is how it works.

Researcher identifies vulnerability within an in-scope app. The report are it directly notified to the app`s developer via their current vulnerability disclosure or bug bounty process.

App developer then works with the researcher to resolve the vulnerability.

Meanwhile on the resolution of the vulnerability , the researcher requests a bonus bounty from the Google Play Security.

“The programme will evaluate each submission based on the vulnerability criteria. A bounty of $1,000 will be on offer for issues that meet this criteria,” Google said.

“We are unable to issue rewards to individuals who are on US sanctions lists. Also supporters who are in countries like Crimea, Cuba, Iran, North Korea, Sudan and Syria,” it added.