Security News > 2024 > May > Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains.
"We increased reward amounts by up to 10x in some categories," Google information security engineer Kristoffer Blasiak has pointed out.
The Google Mobile Vulnerability Reward Program was launched in May 2023, and covers Android apps developed by Google and its subsidiaries.
Google also wants to incentivize bug hunters to hand in exceptional quality reports - i.e., reports that come with a proposed patch/mitigation, a root cause analysis, and clearly demonstrate the impact of the findings - by pledging to increase the final reward amount by 1.5x. "Please be succinct: Your report is triaged by security engineers and a short proof-of-concept is more valuable than a video explaining the consequences of a specific bug," the team says.
Incentivizing ethical hackers to search for vulnerabilities in Android apps by Google.
Google obviously knows and accepts what a group of researchers from University of Pittsburgh and Carnegie Mellon University have recently confirmed after examining bug bounty programs: "Higher bounties incentivize ethical hackers to exert more effort, thereby increasing the probability that they will discover severe vulnerabilities first while reducing the success probability of malicious hackers."
News URL
https://www.helpnetsecurity.com/2024/05/03/google-android-apps-vulnerabilities/
Related news
- Google now pays up to $450,000 for RCE bugs in some Android apps (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)
- Google Launches AI-Powered Theft and Data Protection Features for Android Devices (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)