Security News > 2023 > May > Google launches bug bounty program for its Android applications
Google has launched the Mobile Vulnerability Rewards Program, a new bug bounty program that will pay security researchers for flaws found in the company's Android applications.
As the company said, the main goal behind the Mobile VRP is to speed up the process of finding and fixing weaknesses in first-party Android apps, developed or maintained by Google.
Category 1) Remote/No User Interaction 2) User must follow a link that exploits the vulnerable app 3) User must install malicious app or victim app is configured in a non-default way 4) Attacker must be on the same network Arbitrary Code Execution $30,000 $15,000 $4,500 $2,250 Theft of Sensitive Data $7,500 $4,500 $2,250 $750 Other Vulnerabilities $7,500 $4,500 $2,250 $750. "The Mobile VRP recognizes the contributions and hard work of researchers who help Google improve the security posture of our first-party Android applications," Google said.
"The goal of the program is to mitigate vulnerabilities in first-party Android applications, and thus keep users and their data safe."
In 2022 it awarded $12 million, including a record-breaking $605,000 payout for an Android exploit chain of five separate security bugs reported by gzobqq, the highest in Android VRP history.
The same researcher submitted another critical exploit chain in Android, earning another $157,000-the previous bug bounty record in Android VRP history at the time.
News URL
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)