Google Bug Bounty to provide security for Android Apps

Many apps on Google Play Store have malware which have been discovered recently. In order to increase security of the apps, Google is seeking help from the public too. Google is regularly improving their security and privacy of their products. The Google Bug Bounty provides security for Android apps.

What is Google Bug Bounty?

Google is offering a wide range of vulnerability reward programs to encourage the people and developers to improve security for everyone. As part of the Google Bug Bounty program there are changes to the Google Play Security Reward Program (GPSRP). In addition to the Google Bug Bounty program, they are also launching the new Developer Data Protection Reward Program (DDPRP).

How does Bug Bounty offer changes to the (GPSRP)

Google Play Security Reward Program offers rewards to the developers who find any security breach on the apps. Earlier, there were only eight top apps which were included in the program. Now, any app from Play Store that has more than 100 million installs come under this program.In case a developer comes across any security breach in an app, they need to report it to Google. They can then claim a bounty of up to $20,000.

As part of Google Bug Bounty program under the GPSRP, all these apps are eligible for rewards. This is even in the eventuality of the app developer not having their own vulnerability disclosure or bug bounty program. Google will disclose the vulnerabilities to the concerned app developer. In this way the security researchers help the app developers to identify and fix the malware in their apps.

In case the developers have their bounty programs, the researchers can collect their rewards from the developer and from Google. From GPSRP, which is a part of the Google Bug Bounty Program, vulnerable data can be identified. With this Google can create automated checks to scan all the apps in Google Play for any malware.

The app developers who are affected will then be notified through Play Console. Play Console is part of the App Security Improvement (ASI) program. This program gives information on the malware and how they should fix the problem. Till date, ASI has helped over 30,000 developers fix more than 1,000,000 apps on Google Play. According to the Bug Bounty program, GPSRP has paid over $265,000 in bounties.

Launching of Developer Data Protection Reward Program as part of Google Bug Bounty

DDPRP is a Bug Bounty program which is in collaboration with HackerOne. It will help to identify and fix malware in Android apps, OAuth projects and Chrome extensions. Here, rewards will be given to those who can give complete evidence of data abuse in a similar model as Google’s other vulnerability reward programs.

In this Bug Bounty program, it aims to find out situations where the user data is being used illegitimately, without the consent of the user. There could be a breach related to an app or Chrome extension. That app or extension will be removed from Google Play or Google Chrome Web Store. In case an app developer is involved in data abuse, their API access will be removed. As per the Google Bug Bounty in the DDPRP, a single report could net $50,000 reward.