Google announced on Thursday the launch of a new reward program for data abuse, and the expansion of the Google Play bounty program to include Android applications with over 100 million installs.
The Google Play Security Reward Program (GPSRP) now includes all the Android applications hosted on Google Play that have over 100 million installations, and vulnerabilities found in these apps will be rewarded by Google even if the developer does not have a vulnerability disclosure or bug bounty program.
If the developer does have a bug bounty program, researchers can receive rewards from both the developer and Google.
“In these scenarios, Google helps responsibly disclose identified vulnerabilities to the affected app developer. This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps,” employees of Google’s Android Security & Privacy department explained in a blog post.
Google recently announced that it tripled and even quadrupled some of the rewards offered through the GPSRP. The company says it has paid out a total of more than $256,000 in bounties through this program, including $75,000 in July and August alone as a result of the higher rewards.
According to Google, data from the GPSRP helps it automatically scan all Google Play apps for vulnerabilities similar to the ones reported. Developers whose apps are found to be vulnerable are notified in the Play Console through the App Security Improvement program. Google says this program has helped over 300,000 developers address bugs in over one million apps.
Google also announced on Thursday the launch of the Developer Data Protection Reward Program (DDPRP). The google offers bounties abuse reports
