MANILA, Philippines – Google wants developers of popular third-party apps on Google Play to become more pro-active in preventing their apps from having vulnerabilities. To do this, the company has prepped a new bug bounty program for hunting down, reporting, and patching bugs.
Google announced on October 19 that it was incentivizing the research into app bugs, teaming up with independent bug bounty platform HackerOne to offer the program for popular apps.
Google explained it would "enable security researchers to submit an eligible vulnerability to participating developers, who are listed in the program rules. After the vulnerability is addressed, the eligible researcher submits a report to the Play Security Reward Program to receive a monetary reward from Google Play."
Currently, Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder are part of the program. Security researchers are eligible for a $1,000 payoff after the vulnerability is addressed.
Additional apps are expected to join the program in time, expanding the scope of the bug bounty program further.
More information is available on HackerOne's bug bounty program page. – Rappler.com