Google company about expansion payment of rewards for finding vulnerabilities in applications from the Google Play catalog. Whereas previously the program covered only the most significant, specially selected apps from Google and partners, from now on, bonuses will be paid for detecting security issues in any Android platform app that has been downloaded more than 100 million times from the Google Play catalog. The premium for discovering a vulnerability that could lead to remote code execution has been increased from $5 to $20, and for vulnerabilities that allow access to data or private application components from $1 to $3.
Information about the vulnerabilities found will be added to the automated testing toolkit to identify similar problems in other applications. Authors of problematic applications via notifications will be sent with recommendations for troubleshooting. As part of the already ongoing Android App Security Initiative, it is claimed that more than 300 developers have been assisted in fixing vulnerabilities and affected more than a million applications on Google Play. Security researchers were paid $265 for finding vulnerabilities on Google Play, of which $75 was paid in July and August of this year.
A program has also been launched with the HackerOne platform (DDPRP), which provides rewards for identifying and helping to block problems related to abuse of access to user data (for example, unauthorized collection and sending of data) in Android applications, OAuth projects and Chrome add-ons that violate the terms of use of Google Play, Google API and Chrome Web Store.
The maximum reward for identifying this class of problems is $50.
Source: opennet.ru