Google knows that each software is best reviewed by external testers, developers, or hackers. That’s why the famous company from Mountain View rewards for the vulnerabilities found in Android. This time, Google is going a step further and is going to reward for security bugs found in popular apps from the Google Play store. The new program is implemented in cooperation with the HackerOne platform.
This program is called the Google Play Security Reward Program. The maximum prize is $1,000. Interestingly, not only Google uses the HackerOne platform. A year ago it was used by Qualcomm, which offered up to $15,000 prize. The new Google action has one very important condition. The vulnerability has to be reported to the developer of the application (you have dedicated form for this). Then developer works with the developer/hacker to fix the vulnerability. Participant can claim the prize only if the vulnerability is successfully resolved.
The new Google program covers only selected apps.
So far, the prize can be earned for errors found in applications such as Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.Ru, Snapchat, Tinder, and all Google-developed apps. However, it is also possible that this list will be extended by Google in the future. Therefore, people should regularly visit the program page. Also, please keep in mind some restrictions that are included in the Google Play Security Reward Program. Currently, only vulnerabilities, which allows remote code execution, are included in the program. The hacker also has to prove that the found vulnerability allows for performing such attack on Android 4.4 or later. Perhaps in the future the range of award-winning finds will also be extended.