Monday 23 October 2017

Google Bug Bounty: Google Will Pay Hackers Who Find Flaws in Top Android Apps

Google’s new Security Reward Program

Google takes a lot of steps to ensure the security of its platforms. One such measure is Google's bug bounty reward program, which rewards people who find faults or bugs in apps available on Google Play.

Google is collaborating closely with HackerOne, a company that rewards hackers for identifying bugs in programs and Android apps, to create a Google security reward program. This trademark initiative is said to help app developers and users alike. It will also improve the entire Google Play platform.

The bug bounty works like this: a hacker identifies a bug or an issue in a particular app and sends a report about the issue to the developer of the app. The developer then resolves the issue or issues, and the hacker is then free to contact the Google Play reward program.

The hacker can also work closely with the app developer to rectify the issue. The hacker can claim the bug bounty reward only once the issue is fixed. Hackers can get a bug bounty reward of up to $1000.

There are various rules governing the bug bounty reward program. All hackers have to report vulnerabilities to the developers first. The developer must have resolved the issue before a hacker can request a bug bounty reward. If the developer does not respond to the bug report or does not show any inclination to fix the problem, the hacker does not get the bug bounty reward.

A detailed report has to be submitted, and it has to meet all of Google's required criteria. Any issue that causes multiple problems in a program is eligible for only one bug bounty reward. If more than one hacker identifies an issue, only the first report will be eligible for a bug bounty reward.

This program is currently available only for certain specific apps. There are many apps on the Play Store, and not all of them are up to a certain quality standard. In order to avoid giving bug bounty rewards for apps that are sub-standard and contain a lot of bugs, Google has introduced this program to only a few apps at present. Alibaba, Dropbox, Headspace, Line, Snapchat and Tinder are the few apps that are included in the bug bounty reward program. As of now, only these apps have opted into Google's bug bounty reward security program. In time, a lot more apps may opt in to the bug bounty rewards program.

Hackers will also be given information about the developer of the app so that they can interact directly with the developer in resolving the issue. Right now only Google has reserved the right to reward hackers according to pre-specified vulnerability criteria, and a hacker will be rewarded only once the criteria have been met. All bugs have to be resolved with a developer within 90 days to qualify for a bug bounty reward. Google has used the bug bounty program in order to improve the overall quality of apps and the Google Play platform.
