• Home
  • Apps
  • Apps News
  • Google Expands Scope of Its Bug Bounty Programme, Unveils Data Protection Reward Programme for Developers

Google Expands Scope of Its Bug Bounty Programme, Unveils Data Protection Reward Programme for Developers

The Data Protection Reward Program for Developers covers Android apps, OAuth projects, and Chrome extensions

Share on Facebook Tweet Share Reddit Comment
Google Expands Scope of Its Bug Bounty Programme, Unveils Data Protection Reward Programme for Developers

The program will no longer mandate a developer having its own vulnerability report channel

Highlights
  • Apps whose developers don’t run a bounty program are covered too
  • DDPRP covers Android apps, OAuth projects, and Chrome extensions
  • It can net a reward as big as $50,000 (roughly Rs. 36,80,000)

It appears that the recent surge in the number of malware-loaded apps that have managed to rake millions of downloads have forced Google to reconsider its data security strategy. To effectively handle the threats, Google has widened the scope of its Google Play Security Reward Program (GPSRP) to cover all apps that have amassed over 100 million downloads on the Play Store. This effectively means Google is providing a bug bounty for finding vulnerabilities in third-party apps. Additionally, the company has also launched the Developer Data Protection Reward Program (DDPRP) in collaboration with HackerOne to discover and eliminate data abuse issues spotted in Android apps, OAuth projects, and Chrome extensions.

Google has actively been purging malware-laden apps from the Play Store, but the company has been having a hard time with it, especially when some very popular apps are found to be complicit. Take for example the CamScanner app, which had over 100 million downloads, but was recently booted from the Play Store for seeding an advertising malware. To more effectively curb such instances, Google has expanded its Google Play Security Reward Program (GPSRP) to cover all apps that have clocked 100 million or more downloads on the Play Store.

Security researchers can now collect bounty for discovering vulnerabilities and serious security bugs in eligible apps, even if the developers are not running a bug bounty programme. And in case a developer-side bug bounty programme exists, researchers can collect rewards from them as well as Google as an added incentive. As for the rewards, finding a RCE (Remote Code Execution) vulnerability will pocket the security researcher a cool $20,000 (roughly Rs. 14,31,000). Discovery of vulnerabilities that lead to data theft will be rewarded with $3,000 (roughly Rs. 2,15,000), while those that concern access to a protected app component will net the finder an equivalent amount.

In addition to tweaking the bug bounty programme, Google has also unveiled the Developer Data Protection Reward Program (DDPRP) in collaboration with HackerOne. The goal of DDRP is to “identify and mitigate data abuse issues in popular Android applications, OAuth projects, and Chrome extensions”. Under the aegis of DDPRP, Google will reward developers who find apps that violate Google Play, Google API or the Google Chrome Web Store programme policies.

Apps that mishandle local phone data, those that share sensitive information with third-party advertisers, an extension that violates Chrome Web Store's minimum user data privacy requirements, are among the instances that Google wants to identify and eliminate. 

In case data abuse is spotted, the app or Chrome extension will duly be removed from the Play Store and the Google Chrome Web Store. On a similar note, involvement in abusing access to Gmail restricted scopes will result in the removal of API access. A peak reward is yet to be listed, but security researchers can expect to net a bounty as large as $50,000 (roughly Rs. 36,80,000) if the discovery is really impactful 

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Nadeem Sarwar Aside from dreaming about technology, Nadeem likes to get bamboozled by history and ponder about his avatars in alternate dimensions. More
Vivo Z1x Specifications Leaked, Include Snapdragon 712 SoC, 48-Megapixel Camera, 4,500mAh Battery
Lenovo Tab M8, Lenovo Tab M7 Budget Tablets With Android Pie Launched
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.