Firms such as Microsoft or Google have already presented campaigns on other occasions in which hackers are paid. They look for experts capable of finding security holes or important vulnerabilities.
Until now, the Google program focused on paying hackers when they found vulnerabilities in websites or operating systems. From now on, you can also get rewards for detecting bugs in the most popular third-party Android applications.
Of course, to participate in the program, they will have to stick strictly to the Google guidelines. It will be necessary that once they have detected the hole, contact directly with the developers. And work side by side to solve it. Then this report will be delivered to the HackerOne platform and the reward will be paid.
The problems related to the malware that is occasionally located in some applications of the official Android store, the Play Store, is an issue that increasingly concerns Google itself, something that we want to put some solution to mode.
That is why, together with other existing measures, it has just launched another program to detect security flaws , but this time it is not only directed to its own apps , but also to those developed by third-party companies and published in the mentioned Play Store . This new effort of Google is called “Play Security Reward Program” and asks hackers to look for faults in remote code execution of the most popular Android applications , specifically those running on Android 4.4 and newer versions.
At the moment only eight different developers have been approved for the program in question, we are talking about Alibaba , Dropbox , Mail. Ru, Snapchat Duolingo, Headspace, Line , and Tinder. However, the search giant says it is working with more application developers to expand the coverage of this new program.
While Google’s own tools are also part of the new rewards program for locating bugs, the company explains that exposures must include testing and demonstrating how an attacker can gain full control of a device or exploit user interface errors to commit an information transaction .
Google wants Android to be more secure than ever
It should be mentioned that the maximum payment as part of the program is $ 1,000, and according to the guidelines, once the reports are presented, the researchers need to work together with the developers of the targeted applications to solve the vulnerability that has arisen. found If the bug is successfully corrected, the Android Security team delivers the reward to the researcher. But not only will the apps and developers that are part of the program come into play, says Google, but the entire Android ecosystem, all in order to improve their reliability and security .
In this way the Google Play security rewards program recognizes that contributions to security researchers who invest their time and effort are to help them make store applications more secure. This is how they intend to continue to improve the reliability of these tools , which will benefit developers, Android users, and the entire software ecosystem .
1000 dollars for each hack of Android apps
Each security flaw detected in an Android application will be paid with $ 1,000. That would be about 840 dollars at the current exchange rate.
In order to participate, users will not be able to report an application dedicated to spam. You already know that there are many of these in the Google Play Store. What Google asks is that there are flaws in any of the following applications: Dropbox, Duolingo, Line, Mail.ru Snapchat, Tinder, Alibaba, and Headspace .
The participating developers have to be willing to resolve the vulnerabilities detected . Hence, there are still few applications that have adhered to this initiative. It is expected that more will appear later.
You must take into account, then, that for the moment they are excluded from the program – and super surveillance, of course – the rest of applications that have not been mentioned. That is, the entire catalog.
For this reason, it will be necessary to remain cautious with everything you download. Make sure the apps you choose are backed by a known developer . And they have no comments about strange or fraudulent behavior. Finally, do not forget to install a good antivirus solution on your phone, which can be helpful in anticipating threats.