Advertisement

Google will now pay $1,000 for critical software bugs found in popular third-party apps

With malware creators becoming more aggressive and sophisticated, a number of tech companies in recent years have instituted “bug bounty” programs that provide monetary rewards to any individual or group that uncovers critical vulnerabilities in software. Google has had a bug bounty program for years now, but the search giant recently expanded the scope of the program beyond its own software developed in-house.

According to HackerOne, Google’s new bug bounty program now incentivizes hackers to unearth software vulnerabilities in some of the more popular third-party apps on the Play Store. The new program will presumably result in more secure Android apps while also limiting the damage whenever a serious issue is discovered. While perhaps not a common occurrence, it’s not all that unusual to see reports of malware infecting widely downloaded Android apps.

Don't Miss: Amazon will pay you $40 and give you 6 months of music streaming to get a Sonos sound bar

For anyone keen on tackling Google’s new software challenge, payments of $1,000 will be made for each verified software vulnerability.

The vulnerability criteria is laid out below:

For now, the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.

This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission. Examples may include:

There is no requirement that OS sandbox needs to be bypassed.

Notably, the new bug bounty program, as it stands now, only applies to Google-developed Android apps and the following third-party apps: Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.Ru, Snapchat, and Tinder. Down the line, though, the program may open up to include additional third-party apps.

Trending right now:

  1. Shocking discovery of ancient teeth could rewrite human history

  2. Archaeologists find gates of Hell in Saudi Arabia

  3. Report: AT&T is making the dumbest smartphone accessory of 2017

See the original version of this article on BGR.com