Google will pay you $1,000 to hack some of the most popular Android apps

Details are light right now, but a bit of news out of Google's Playtime developer event earlier today: the company is launching a Google Play bug bounty program that'll encourage researchers to poke around and look for vulnerabilities in some of Android's most popular apps (both those built by Google and those built by third-party devs). Called the "Google Play Security Reward" program, the new program aims to incentivize researchers to work directly with Android app developers to find vulnerabilities. If you help a developer squash a bug, Google will pay you $1,000 (on top of whatever bounty the third-party dev themselves may pay).
Here's what we know so far:
The program only includes a limited selection of Android apps right now, not all Android apps. The list currently includes Alibaba, Dropbox, Duolingo, Headspace, LINE, Snapchat and Tinder, along with "all Google-created Android applications accessible on Google Play".
Apps must be invited into the program for now; when it eventually opens up to more apps, a rep from Google tells me it'll be opt-in.
Researchers will work directly with the app developer to confirm/squash vulnerabilities; once a bug is fixed, the researcher notifies Google, who confirms the bug and issues the $1,000 reward. Google doesn't want to know about the bug before it's fixed. "This program is just to request extra bounties after the first vulnerability was settled with the application engineer," it notes.
As with most bug bounty programs, Google is looking for a specific kind of nasty issue here, not "this icon looks funny" sort of stuff. The scope currently includes forcing an app to download/execute arbitrary code, manipulating an app's UI to force a transaction (they give the example of tricking a banking app into sending money without a user's consent), or forcing an app to open a webview that could be used for phishing.
Google is tapping HackerOne to handle much of the back end for this program, from submitting reports to inviting white-hat hackers into new parts of the program as they roll out. You can find all of the details published so far right here.
Google's broader bug bounty program, which includes Chrome and Android itself, had paid out around $9 million as of January 2017.