Google Expands Bug Bounty Program For Play Store Apps With 100M+ Downloads


With incidents of malicious apps on the Play Store growing, Google has taken a much-needed step. Reportedly, Google has announced an expansion of its bug bounty program for the Play Store.

Google Expands Bug Bounty For Play Store

As revealed in a recent blog post, Google is expanding the scope of its bug bounty program for the Play Store.

Google launched the Google Play Security Reward Program (GPSRP) back in 2017 with the aim of ensuring security across the applications on the Google Play Store.

As the recent announcement makes evident, Google is now further expanding the scope of GPSRP. Specifically, the program will now include all applications with 100 million or more downloads. These apps qualify for the program regardless of whether the developers have their own vulnerability reward or bug bounty programs.

Regarding how this will work, Google’s Security & Privacy officials for Android stated in the blog,

In these scenarios, Google helps responsibly disclose identified vulnerabilities to the affected app developer. This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps. If the developers already have their own programs, researchers can collect rewards directly from them on top of the rewards from Google.

Google also urges all app developers to launch their own bug bounty or vulnerability disclosure programs for direct collaboration with the security researcher community.

GPSRP Overview

Google launched its GPSRP for apps two years ago. The program initially offered bounties of up to $5000 for remote code execution bugs, whereas other bugs resulting in private data theft or risk to an app's security offered rewards of up to $1000.

However, given GPSRP's lack of traction among researchers, Google increased its payouts in July this year. Specifically, it announced rewards of up to $20,000 (instead of $5000) for remote code execution bugs, while the $1000 rewards were raised to up to $3000. Nonetheless, the program included only a subset of the apps.

The tempting inclusion of all apps with 100 million (or more) downloads will make Google’s Play Store bug bounty program even more attractive for the researcher community.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]