Sponsored Links

Google's bug bounty program now covers all popular Android apps

Any app with more than 100 million installs is eligible.
oatawa via Getty Images
oatawa via Getty Images
Georgina Torbet
Georgina Torbet|@georginatorbet|August 29, 2019 12:30 PM

There have been several instances of malware discovered in apps on the Google Play Store recently, and now Google is enlisting further help from the public in beefing up the security of the apps it distributes on its platform.

Google's expanded initiative, called the Google Play Security Reward Program, offers rewards to developers who uncover issues in apps on the Play Store. Previously, the program only covered a set list of eight top apps, but now any app from the Play Store with more than 100 million installs is fair game. If developers discover and disclose a vulnerability in an app to Google, they can claim bounties of up to $20,000.

Typical bug bounty programs are run by companies to offer rewards to people who find security issues within the company's own software. This program is unusual in that it offers bounties for finding vulnerabilities in other company's apps as well.

"This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps," a Google spokesperson said. If an app developer has its own bug bounty program, bugs can be claimed from both the app developers and Google.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

In addition, Google is launching a Developer Data Protection Reward Program to hunt down "data abuse issues" in Android apps, OAuth projects and Chrome extensions. This means findings apps which are using or selling users' data without user consent. If a data abusing app or extension is reported to the program, it will be removed from the Play Store or the Chrome Web Store and the bug hunter will receive a payment of up to $50,000.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Google's bug bounty program now covers all popular Android apps