Google has updated its highly regarded bug bounty scheme – tweaking the criteria and increasing the financial rewards.
Last year, the company teamed up with cyber security firm HackerOne to introduce the Google Play Security Reward Program, which they described as “the first and only bug bounty program for an app ecosystem”.
Although the programme has only been up and running for a few months, Google has decided to increase its bonus awards.
Now, hackers who identify remote-code execution flaws can get up to $5,000 in cash. Previously, this reward was capped at $1,000.
The internet giant has also implemented a new category for the $1,000 reward mark, covering vulnerabilities that could result in business and personal data theft.
Additionally, the company will reward people who track down “vulnerabilities that result in sensitive information being transferred unencrypted, or bugs that result in access to protected app components are now in scope”.
The programme covers a string of popular apps, including Dropbox, Tinder, Fitbit, Headspace, Pandora, Line, Duolingo and Alibaba.
HackerOne, an independent bug bounty platform, has been working on the scheme with Google. It said that more rewards will be added as more developers opt to take part in the programme.
“HackerOne’s customers have already resolved over 60,000 valid security vulnerabilities with help from the world’s largest hacker community,” claimed the firm.
“With your help, we will resolve more vulnerabilities and make Android the safest computing platform in the world for its more than two billion active devices.”
The scheme’s policy explains that Google is working with HackerOne and app developers to find dangerous security flaws.
“Developers of popular Android apps are invited to opt-in to the program, which will incentivise security research in a bug bounty model,” reads the policy.
“The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem.”
Save this article