Latest in Gear

Image credit: oatawa via Getty Images

Google's bug bounty program now covers all popular Android apps

Any app with more than 100 million installs is eligible.
102 Shares
Share
Tweet
Share

Sponsored Links

oatawa via Getty Images

There have been several instances of malware discovered in apps on the Google Play Store recently, and now Google is enlisting further help from the public in beefing up the security of the apps it distributes on its platform.

Google's expanded initiative, called the Google Play Security Reward Program, offers rewards to developers who uncover issues in apps on the Play Store. Previously, the program only covered a set list of eight top apps, but now any app from the Play Store with more than 100 million installs is fair game. If developers discover and disclose a vulnerability in an app to Google, they can claim bounties of up to $20,000.

Typical bug bounty programs are run by companies to offer rewards to people who find security issues within the company's own software. This program is unusual in that it offers bounties for finding vulnerabilities in other company's apps as well.

"This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps," a Google spokesperson said. If an app developer has its own bug bounty program, bugs can be claimed from both the app developers and Google.

In addition, Google is launching a Developer Data Protection Reward Program to hunt down "data abuse issues" in Android apps, OAuth projects and Chrome extensions. This means findings apps which are using or selling users' data without user consent. If a data abusing app or extension is reported to the program, it will be removed from the Play Store or the Chrome Web Store and the bug hunter will receive a payment of up to $50,000.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
102 Shares
Share
Tweet
Share

Popular on Engadget

Senator Wyden pushes his ‘Mind Your Own Business’ privacy act forward

Senator Wyden pushes his ‘Mind Your Own Business’ privacy act forward

View
Fractal Bits drum synth app uses algorithms to produce billions of sounds

Fractal Bits drum synth app uses algorithms to produce billions of sounds

View
'Anthem' gives its Cataclysm in-game event a second try

'Anthem' gives its Cataclysm in-game event a second try

View
Crowdfunding is better than Netflix for YouTube's creep queen

Crowdfunding is better than Netflix for YouTube's creep queen

View
Amazon is hosting a two-day music festival in Las Vegas

Amazon is hosting a two-day music festival in Las Vegas

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr