Details are light at the moment, but a bit of news out of Google’s Playtime developer event this morning: the company is launching a Google Play bug bounty program that’ll encourage researchers to poke around and look for vulnerabilities in some of Android’s most popular third-party apps.
Called the “Google Play Security Reward” program, the new program aims to get researchers to work directly with Android app developers to find vulnerabilities. If you help a developer squash a bug, Google will pay you $1000 (on top of whatever bounty the third-party dev themselves might pay).
Here’s what we know so far:
- The program only includes a limited number of Android apps at the moment. Not all Android apps. The list currently includes Alibaba, Dropbox, Duolingo, Headspace, Line, Snapchat, and Tinder.
- Apps have to be invited into the program for now; when it eventually opens up to more apps, a rep from Google tells me it’ll be opt-in.
- Researchers will work directly with the app developer to identify/squash vulnerabilities; once a bug is fixed, the researcher tells Google, who confirms the bug and issues the $1000 reward. Google doesn’t want to know about the bug before it’s fixed. “This program is only for requesting bonus bounties after the original vulnerability was resolved with the app developer,” it notes.
- As with most bug bounty programs, Google is looking for a specific type of nasty thing here. Not “this icon looks funny” type of stuff. The scope currently includes forcing an app to download/execute arbitrary code, manipulating an app’s UI to force a transaction (they mention tricking a bank app to send money without a user’s consent as an example), or forcing an app to open a webview that could be used for phishing.
Google is tapping HackerOne to handle much of the backend for this program, from submitting reports to inviting white-hat hackers into new parts of the program as they roll out. You can find all the details published so far right here.
Google’s wider bug bounty program, which includes Chrome and Android itself, had paid out around $9 million as of January 2017.