Security News > 2024 > April > Google now pays up to $450,000 for RCE bugs in some Android apps
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.
The list of in-scope apps includes Google Play Services, the Android Google Search app, Google Cloud, and Gmail.
Google introduced the Mobile VRP last May to pay security researchers for vulnerabilities in the company's Android applications.
The bug bounty program's main goal was to speed up the process of discovering and fixing security weaknesses in first-party Android apps maintained or developed by Google.
Google rejected 2.28 million risky Android apps from Play store in 2023.
Free VPN apps on Google Play turned Android phones into proxies.
News URL
Related news
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)