Google has launched a new bug bounty program for the security experts to find and report security flaws in the Android applications. The new Google Play Security Reward Program is being run in partnership with HackerOne and will offer $1000 reward for the reported bugs that meet the criteria.
At this point, only the bugs reported in Google-developed apps, Alibaba, Dropbox, Tinder, Duolingo, Headspace, Line, Mail.ru, and Snapchat apps are eligible for rewards. However, Google notes that more apps may be added to the list in the future.
Typically, the companies offer rewards to find flaws in their own software, but this seems to be the first instance where Google is effectively ‘paying’ to find bugs in others’ apps.
“We don’t just care about our own apps, but rather the overall health of the ecosystem. It’s like offering a reward for a missing person even if you don’t know who the missing person is personally,” Vineet Buch, director of product management for Google Play Apps and Games, told Reuters in an interview.
You can read more about the program at the Google Security Website.