Android should become a more secure platform thanks to new bug bounty program for Google apps
Bug bounty programs have become a common way for companies to track down issues with software before they start to cause security concerns for users. While Google has various existing programs of this nature, the company has just launched the Mobile Vulnerability Rewards Program.
Google Mobile VRP is a bug bounty program that focuses on the company's own software. It lets security researchers and software detectives submit reports about Google's Android apps, earning financial rewards for discovering security flaws.
See also:
- Microsoft is working on Windows 11 23H2... but this Moment 4 update will be nothing to get excited about
- Microsoft reminds Windows 10 21H2 users about imminent end of service... and forced upgrades
- Microsoft acknowledges Start menu, Windows search and UWP app issues... but says Windows updates are not to blame
In addition to apps produced by Google LLC, the bug bounty program also covers apps developed by Developed with Google, Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC and Waze.
The company has divided up apps and services into three tiers, with the first including the biggest name apps -- Google Play Services (com.google.android.gms), AGSA (com.google.android.googlequicksearchbox), Google Chrome (com.android.chrome), Google Cloud (com.google.android.apps.cloudconsole), Gmail (com.google.android.gm) and Chrome Remote Desktop (com.google.chromeremotedesktop).
Google tweeted about the Vulnerability Reward Program via the VRP / Bug Hunters account:
Despite the size and popularity of the apps covered by the program, and the huge potential impact of an unpatched security issue, the pay-outs are not huge, ranging from $500 to $30,000. Google points out that "the values indicated in the above tables are maximum values, the exact value is always determined at the discretion of the reward panel". The company does add, however, that there is scope for additional reward:
The panel can apply a discretionary $1,000 bonus -- e.g. for a particularly surprising vulnerability, or an exceptional writeup.
More information is available on the Google Mobile Vulnerability Reward Program Rules page here.
Image credit: nextnewmedia / depositphotos