Security News > 2024 > May > Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains.
"We increased reward amounts by up to 10x in some categories," Google information security engineer Kristoffer Blasiak has pointed out.
The Google Mobile Vulnerability Reward Program was launched in May 2023, and covers Android apps developed by Google and its subsidiaries.
Google also wants to incentivize bug hunters to hand in exceptional quality reports - i.e., reports that come with a proposed patch/mitigation, a root cause analysis, and clearly demonstrate the impact of the findings - by pledging to increase the final reward amount by 1.5x. "Please be succinct: Your report is triaged by security engineers and a short proof-of-concept is more valuable than a video explaining the consequences of a specific bug," the team says.
Incentivizing ethical hackers to search for vulnerabilities in Android apps by Google.
Google obviously knows and accepts what a group of researchers from University of Pittsburgh and Carnegie Mellon University have recently confirmed after examining bug bounty programs: "Higher bounties incentivize ethical hackers to exert more effort, thereby increasing the probability that they will discover severe vulnerabilities first while reducing the success probability of malicious hackers."
News URL
https://www.helpnetsecurity.com/2024/05/03/google-android-apps-vulnerabilities/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)