Google extends its bug bounty program to include third-party Android applications

Categories: Google, Security

Oct 28, 2017 // By: admin

Google is now offering rewards for vulnerabilities found and fixed in some applications, including Dropbox, Duolingo and Snapchat.

Bug bounty programs are often offered by companies to seek help from the public in finding bugs, vulnerabilities or other design flaws in applications.

For some time, Google has offered a standard bug bounty program for its own apps. On October 19, the company announced that it was extending the bug bounty program to some third-party apps on the Play Store, including:

  • Alibaba

  • Dropbox

  • Duolingo

  • Headspace

  • Mail.Ru

  • Pandora

  • Snapchat

  • Tinder

Google pays $1,000 for each confirmed and resolved vulnerability in the covered software. The scope currently includes only code execution vulnerabilities, with proofs of concept that run on Android 4.4 KitKat or later. Specifically, a vulnerability must meet one of the following conditions:

The vulnerability enables an attacker to execute code on a user’s device without the user’s knowledge, whether by gaining full control, by validating a transaction through manipulation of the user interface, or by using the Android WebView feature without user intervention. The vulnerability does not need to bypass the OS sandbox to count here, but any vulnerability that depends on interaction with, or installation of, another application will not be considered in this program.

To qualify for the reward, a vulnerability must be reported directly to the application's developer through the developer's vulnerability disclosure process. This link provides details on how and where to submit bugs found in the third-party products listed above.

The application's developer must then work with you to resolve the problem. At that point, you can claim a reward through the Google Play Safety Award. Only vulnerabilities resolved within the past 90 days are eligible for the reward, and detailed vulnerability information should be provided, with as much data and correspondence about the bug and its fix as possible.

The reward program runs on a “first come, first served” principle. If the same issue is submitted by two different people working separately, the reward goes to the first of them once the resolution is confirmed. Only one reward will be paid if a single problem causes more than one vulnerability. Individuals must comply with all existing laws and must not compromise information. People who are on US sanctions lists, or who are located in countries on US sanctions lists (Iran, North Korea, Syria, etc.), are not eligible for rewards, nor are employees of Google or its partners. Include a program code for all devices that are included in this program.

“This is definitely a step in the right direction for Google,” said Chris Olson, director of security firm Media Trust. “Using a bug bounty program is an interesting approach to dealing with the increasing level of malware and other security issues on third-party applications.”

Olson also said that bug bounties should not be considered a substitute for a comprehensive security program, and that it remains up to application developers to resolve security issues as quickly as possible.
