Google Play attempts to make Android apps safer through rewards program

Google will pay $1,000 to those who find vulnerability in Android apps

A red Android mascot

Google Play has teamed up with HackerOne, an independent bug bounty platform, to create the Google Play Security Rewards System, with $1,000 up for grabs for flaws found in popular Android apps.

The program hopes to improve security research as well as app security which will benefit Android users, developers, and Google Play as a whole.

Apps such as Duolingo, Snapchat, Tinder, Dropbox, and Headspace are currently in the Google Play Security Reward program, with the hopes of more apps joining later on.

The system works by encouraging hackers to identify problems and vulnerabilities within different apps. However, the bugs have to follow certain criteria to qualify for the reward.

As of right now, the program is limited to remote-code-execution vulnerabilities and corresponding proof of concepts which run on devices with Android 4.4 or higher. This would include vulnerabilities that allow the downloading and execution of malicious code, the manipulation of a user interface to commit a transaction, and the opening of a webview leading to phishing attacks.

After a bug has been identified, the hacker works directly with the developer to fix the problem by reporting the issue to the firm through provided links. Once it is fixed, the hacker reports it to the Google Play Security Reward System, which will then consider it for the $1,000 reward, provided it followed the criteria.

"As the Android ecosystem evolves, we continue to invest in leading-edge ideas to strengthen security," said Vineet Buch, the director of product management at Google Play.

"Our goal is continue to make Android a safe computing platform by encouraging our app developers and hackers to work together to resolve unknown vulnerabilities, we are one step closer to that goal."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

26 Nov 2021
Compromised Google Cloud Platform instances are riddled with cryptominers
cloud computing

Compromised Google Cloud Platform instances are riddled with cryptominers

26 Nov 2021
Podcast transcript: Can the US take on big tech?
Policy & legislation

Podcast transcript: Can the US take on big tech?

19 Nov 2021
The IT Pro Podcast: Can the US take on big tech?
Policy & legislation

The IT Pro Podcast: Can the US take on big tech?

19 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021