Google has long maintained various reward programs for its own apps and services like Chrome and Android. However, most freelance developers cannot afford to run a similar program. Today, Google is stepping in to support Android app security with the Google Play Security Rewards Program. It’s like Google’s bug bounties, but for third-party apps.
Under the program, security researchers are encouraged to hunt for vulnerabilities in popular Android apps on the Play Store. They’ll submit bugs to developers via the HackerOne bounty platform. If the flaw is confirmed and fixed by the developer, Google will pay a $1,000 reward to whoever found it. The developer is not on the hook for anything. Not all apps are included in the program. For now, it’s only select developers that have worked with Google to set this up, including Dropbox, Snapchat, and Tinder. Going forward, more apps will be added, provided the developers commit to fixing bugs as they’re reported.
According to the full rules, the Google Play Security Rewards Program is presently limited to remote code execution vulnerabilities. So, pretty severe stuff. However, the flaw doesn’t need to bypass the OS sandbox. You can see the full list of included apps on the HackerOne page.