Hurray! Google is expanding its Bug Bounty Program
In the last few weeks, several instances of malware apps are being discovered on the google play store, they are facing a lot of problems so just a few hours ago they took a good step against all these problems.
Actually, Google expanded its bug bounty program to increase the security of Android apps and Chrome extensions distributed through its platform. In Google’s vulnerability reward program there are mainly two main announcements.
First one is “Developer Data Protection Reward Program” (DDPRP), in this program, Google will reward security researchers and hackers who will find verifiable and unambiguous evidence of data abuse issues in the Android applications, Chrome extensions, and OAuth projects.
And the Second one is expanding the scope of its Google Play Security Reward Program (GPSRP) to include all Android apps from the Google Play Store with over 100 million or more installs, helping affected app developers to fix the vulnerabilities through responsible disclosures.
The data abuse bug bounty program aims to avoid the scandals like Cambridge Analytics that hit Facebook with $5 billion in fines for failing to identify the situations where user data is being used without user content.
“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store,” Google says in its blog post published a few hours ago.
Google has not announced any reward table for the DDPRP program but they ensured that a single report could be around $50,000 in bounty but it depends on the impact.
The GPSRP program was initially launched in 2017, but until today this program is limited to reporting vulnerabilities in popular Android apps in Google Play Store. But according to the latest announcement, Google will now work with developers of hundreds of thousands of Android apps and each app should contain at least 100 million downloads, helping them to receive vulnerability reports and instructions so that they can patch them over Google Play consoles.
These both measures will allow google to prevent malicious Android apps and chrome extensions from abusing its user data and will increase the security of apps which are present in the play store.