It’s a great day to be mobile hacker. Today, Google and HackerOne announced the groundbreaking Google Play Security Reward Program.
The Google Play Security Reward Program is a first of its kind. Top app developers are setting up public-facing vulnerability disclosure programs on HackerOne and Google Play will be offering up bonus bounties for qualifying vulnerabilities.
You get more bounty, Google Play gets more secure. Boom shakalaka.
“As the Android ecosystem evolves, we continue to invest in leading-edge ideas to strengthen security. Our goal is continue to make Android a safe computing platform by encouraging our app developers and hackers to work together to resolve unknown vulnerabilities, we are one step closer to that goal.” -- Vineet Buch, Director of Product Management, Google Play
How does it work?
Developers of popular Android apps are being invited to start hacker-powered security programs on HackerOne and Google Play is providing a bonus reward of $1,000 on qualifying vulnerabilities! You can find the apps that are opted in at the Google Play Security Reward Program page on HackerOne. As more developers opt-in, more apps will be listed over time.
But wait, there’s more
In addition to third-party apps, Google is including their own first-party apps. Over time, additional apps may come into scope. In the future, other vulnerabilities may also be introduced into scope.
HackerOne’s customers have already resolved over 55,000 valid security vulnerabilities with help from the hacker community. With your help, we will resolve even more vulnerabilities and make Android the safest computing platform in the world for the more than 2 billion active devices.
For all the details and to get hacking, head over to hackerone.com/googleplay.
-- HackerOne team
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.