Android should become a more secure platform thanks to new bug bounty program for Google apps

By Sofia Elizabella Wyciślik-Wilson
Published 11 months ago

Bug bounty programs have become a common way for companies to track down issues with software before they start to cause security concerns for users. While Google has various existing programs of this nature, the company has just launched the Mobile Vulnerability Rewards Program.

Google Mobile VRP is a bug bounty program that focuses on the company's own software. It lets security researchers and software detectives submit reports about Google's Android apps, earning financial rewards for discovering security flaws.

See also:

In addition to apps produced by Google LLC, the bug bounty program also covers apps developed by Developed with Google, Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC and Waze.

The company has divided up apps and services into three tiers, with the first including the biggest name apps -- Google Play Services (com.google.android.gms), AGSA (com.google.android.googlequicksearchbox), Google Chrome (com.android.chrome), Google Cloud (com.google.android.apps.cloudconsole), Gmail (com.google.android.gm) and Chrome Remote Desktop (com.google.chromeremotedesktop).

Google tweeted about the Vulnerability Reward Program via the VRP / Bug Hunters account:

We are excited to announce the new Mobile VRP! We are looking for bughunters to help us find and fix vulnerabilities in our mobile applications. https://t.co/HDs1hnGpbH
— Google VRP (Google Bug Hunters) (@GoogleVRP) May 22, 2023

Despite the size and popularity of the apps covered by the program, and the huge potential impact of an unpatched security issue, the pay-outs are not huge, ranging from $500 to $30,000. Google points out that "the values indicated in the above tables are maximum values, the exact value is always determined at the discretion of the reward panel". The company does add, however, that there is scope for additional reward:

The panel can apply a discretionary $1,000 bonus -- e.g. for a particularly surprising vulnerability, or an exceptional writeup.

More information is available on the Google Mobile Vulnerability Reward Program Rules page here.

Image credit: nextnewmedia / depositphotos

No Comments

Comments are closed.

Android should become a more secure platform thanks to new bug bounty program for Google apps

Recent Headlines

The psychological impact of phishing attacks on your employees

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Younger women are going into cybersecurity but more needs to be done

Politically motivated DDoS attacks on the rise

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE