In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform.
The expansion in Google's vulnerability reward program majorly includes two main announcements.
First, a new program, dubbed 'Developer Data Protection Reward Program' (DDPRP), wherein Google will reward security researchers and hackers who find "verifiably and unambiguous evidence" of data abuse issues in Android apps, OAuth projects, and Chrome extensions.
Second, expanding the scope of its Google Play Security Rewards Program (GPSRP) to include all Android apps from the Google Play Store with over 100 million or more installs, helping affected app developers fix vulnerabilities through responsibly disclosures.'
Get Bounty to Find Data-Abusing Android & Chrome Apps
The data abuse bug bounty program aims to avoid scandals like Cambridge Analytica that hit Facebook with $5 billion in fines for failing to identify situations where user data is being used or sold unexpectedly or repurposed illegitimately without user consent.
"If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store," Google says in its blog post published today.
"In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed."
Google has not yet announced any reward table for the DDPRP program but ensured that a single report could net up to $50,000 in bounty depending on the impact.
Comments