Google Is Now Offering $1,000 Mobile App Bug Bounties

October 26, 2017

Are you an Android app developer looking for ways to make a little extra money? Well, we’ve got some good news for you. Google is starting a new initiative known as the Google Play Security Reward Program. This initiative will pay $1,000 for every flaw found and fixed that meets their guidelines. So if you have mobile cybersecurity skills and some free time, you may be able to make a pretty penny pursuing this.

The Wild Wild West of the Google Play Store

Bug bounties and Google are no strangers to one another. In the past, the company has opened up bug bounty programs for Chrome, Chrome OS, and even apps it developed itself. But cybersecurity threats have been a longstanding problem for the 8-year-old Google Play app store. Bugs are far more common in Google’s app platform than in the App Store of its main competitor, Apple.

The Google Play Security Reward Program specifically focuses on finding bugs in third-party apps. Whereas most bug bounties offered by big tech companies only focus on their own software, Google wanted this initiative to help make the Google Play store safer overall.

Vineet Buch, the director of product management for Google Play Apps and Games, describes the purpose more succinctly: “We don’t just care about our own apps, but rather the overall health of the ecosystem. It’s like offering a reward for a missing person even if you don’t know who the missing person is personally.”

A Human Touch is Needed

Google deemed the Google Play Security Reward Program necessary to take care of malware and other bugs that slip by automated software checks. As Buch puts it, automated software scans could never match a human’s ability to make or find “a truly creative hack.”

For this new initiative, Google is partnering with HackerOne, a website that manages bug bounties. Initially, the two have agreed to adhere to specific guidelines and rules for the program’s rollout. Vulnerabilities that direct users to phishing websites or unknowingly infect devices with viruses are the primary targets for now. The solution for the flaw must also not depend on the installation of another app, or it won’t qualify for the $1,000 reward.

Mobile app developers can only participate if they can work out a cybersecurity resolution to the flaw within 90 days. They must also report the flaw to the developer first and be willing to provide reports detailing their findings and solution. And of course, the solution must meet Google’s criteria. Only after all of this is in order will the developer be awarded $1,000.

The Future for Mobile App White Hat Hacking

Currently, only a few third-party apps are eligible for rewards through this new program. Alibaba, Dropbox, Duolingo, Headspace, Snapchat, and Tinder are all included. Google plans to start small but says that the list will definitely expand over time.

To put things in perspective, Google launched the Android Security Rewards program in 2015. This initiative, which focuses on tightening Nexus device security, has given out approximately $1.5 million in rewards over the course of two years.

So while it’s small-scale for now, there could be great potential to make some extra cash for ambitious developers. With the increasing cost of living in most cities, we know some of you out there are looking for profitable opportunities (San Francisco mobile app developers, we’re looking at you). So, what are you waiting for? There are bugs to be fixed!
