Google will pay hackers who find flaws in top Android apps

But only a handful of developers are taking part at the moment.


Google is probably hoping to raise the quality of apps in the Play store by launching a new bug bounty program that's completely separate from its existing one. While its old program focuses on finding flaws in its websites and operating systems, this one will pay hackers when they find vulnerabilities in Android's top third-party apps. They have to submit their findings straight to the developers and work with them before they can turn in a report through HackerOne's bounty platform to collect their reward.

Google promises $1,000 for every issue that meets its criteria, but bounty hunters can't simply choose a spammy app (of which there are plenty on the Play Store) to cash in. For now, they can only get a grand if they can find an eligible flaw in Dropbox, Duolingo, Line, Snapchat, Tinder, Alibaba, or Headspace. Google plans to invite more app developers in the future, but they have to be willing to patch any vulnerabilities found... which means you can't rely on the program to fix the issues in your favorite low-quality application.