Google Outs New Google Play Security Reward Program


Google's Play Store can be a somewhat insecure place at times, despite the search giant's best efforts, so it has announced an initiative to incentivize white hat hackers to help secure the Play Store and its apps, dubbed the Google Play Security Reward Program. The new program is being administered with help from HackerOne, a prominent bug bounty proctor and one of the biggest centralized resources in the white hat community. The new program is already live and in early testing. Developers interested in making their apps' code available for white hat hackers to inspect and submit bugs on can notify Google of their interest through their Play Console.

The way the new program will work is a bit different from the way that Google pays hackers to help keep its other products safe. Rather than submitting bugs and vulnerabilities directly to Google, hackers will submit them to the developer of the app itself. The kicker is that the developer has to not only verify the vulnerability or security risk, but actually do something about it. Once the bug is confirmed to be fixed, the hacker can submit proof of the fix to Google to obtain their payment. This means that a hardworking hacker could end up shortchanged by a developer who either can't fix a bug without breaking the app or simply doesn't fix it, though this is an unlikely scenario at this point because the program is strictly opt-in for developers. Google's press release did not specify whether it will stay that way.

Google has been paying out fairly large amounts to security researchers for bugs found in its mainline products for some time. The Android OS and Chrome are two of the biggest bug bounty targets, but Google services like Drive and Search have been included in the company's bug bounty program in the past. This approach is becoming more and more popular in the tech field, though some companies still either ignore such reports, fix flaws without notifying or rewarding researchers, or even threaten legal action either as punishment for hacking their products or to keep the security researchers from publishing their findings.


Copyright ©2017 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world. Contact him at [email protected]
