{"id":6298,"date":"2019-09-06T14:15:00","date_gmt":"2019-09-06T14:15:00","guid":{"rendered":"https:\/\/gtechbooster.com\/?p=6298"},"modified":"2023-04-01T01:36:50","modified_gmt":"2023-04-01T01:36:50","slug":"google-bug-bounty-gets-to-third-party-apps","status":"publish","type":"post","link":"https:\/\/gtechbooster.com\/google-bug-bounty-gets-to-third-party-apps\/","title":{"rendered":"Google bug bounty gets to Third Party Apps"},"content":{"rendered":"\n

Google is extending its bug bounty scheme to third party apps in the \nGoogle Play Store. The reward will apply to problems found in any app \nthat has more than 100 million installs.<\/p>\n\n\n\n

\"\"<\/a><\/div><\/div>

The increase is being made as part of the Google Play Security Reward Program (GPSRP), and Google is also launching a new Developer Data Protection Reward Program (DDPRP).<\/p>\n\n\n\n

So long as an app has enough installs, if a bug is found in it the \nfinder will be eligible for a reward, even if the app developers don\u2019t \nhave their own vulnerability disclosure or bug bounty program. If that’s\n the case, Google helps responsibly disclose identified vulnerabilities \nto the affected app developer. If the developers already have their own \nprograms, researchers can collect rewards directly from them on top of \nthe rewards from Google.<\/p>\n\n\n\n

Google says it uses vulnerability data from GPSRP to create automated\n checks that scan all apps available in Google Play for similar \nvulnerabilities. Over the lifetime of the App Security Improvement (ASI)\n program, it has helped more than 300,000 developers fix more than \n1,000,000 apps on Google Play.<\/p>\n\n\n\n

The news of the extension to the scheme follows an announcement by \nGoogle in July that the maximum baseline reward amount was being raised \nfrom $5,000 to $15,000 for Chrome bugs, and the amount for high-quality \nreports from $15,000 to $30,000.<\/p>\n\n\n\n

Google has also launched a Developer Data Protection Reward Program. DDPRP is a bounty program that’s aimed at identifying and mitigating data abuse issues in Android apps, OAuth projects, and Chrome extensions. The program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent. If data abuse is identified related to an app or Chrome extension, that app or extension will be removed from Google Play or Google Chrome Web Store, and if an app developer is abusing access to Gmail restricted scopes, their API access will be removed. Google hasn’t so far published a reward table or maximum reward, but the announcement said that depending on impact, a single report could qualify for a reward as large as $50,000.<\/p>\n\n\n\n

More Information<\/h2>\n\n\n\n