Google Launched a Bounty Program to Find Bugs in Android Apps
Last year Google Launched a Bounty Programme to find security inflaw , bugs and security loop holes in android apps . The Google Play Security Programme will reward $1000 to finding bugs for contribution of security of apps make google app store more secure to everyone .All Google’s apps are included and developers of popular Android apps are invited to opt-in to the Programme being run in partnership with HackerOne .
Google Play Security Reward Program
Google runs its own bug bounties for Chrome, Android, and websites, and is now expanding the concept to popular Android apps in the Google Play Store. Researchers will be paid $1,000 reward for qualifying vulnerabilities.
Google Play is working with the independent bug bounty platform, HackerOne, and the developers of popular Android apps to implement the Google Play Security Reward Program. Developers of popular Android apps are invited to opt-in to the program, which will incentivize security research in a bug bounty model. The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem. To find out about other Android security initiatives, visit the Android Security Center.
Apps in the Google Play Security Reward program include Alibaba, Dropbox, Duolingo, Fitbit ,Kingsoft Office ,Pandora ,Quvideo inc , Smule , VLC , Yandex , Headspace, Line, Mail.Ru, Snapchat, and Tinder, however more apps may be included later.
Qualifying bugs are limited to remote code execution (RCE) flaws that work on devices running Android 4.4 and higher. This includes attacks that allow malicious code to be downloaded and executed, manipulating the user interface to cause a fraudulent transaction, or opening a webview in an app for phishing. The exploit isn’t required to bypass Android’s sandbox.
Researchers who do find a bug need to report the issue to the affected developer first. The bounty page has links to the page where they should report issues to the participating firms. After the developer fixes the bug, then researcher reports it to the Play Security Reward Program for consideration of a reward.
So All you need to find a bugs and loophole , security inflaw any of listed app on hackerone google play list . You need to first report to official developer to fix the bug .Official developer will inform to google security researcher of bounty program for the reward . For Successful for finding of bugs google will pay you the amount of $1000 under Google Bounty Programme .