Google continually seeks ways to enhance the privacy and security of its products plus its supporting ecosystems. People at Google comprehend the power of open systems plus ecosystems out there. Because of this, a wide array of vulnerability reward programs are being offered by them at present, thus motivating the society to help them in enhancing safety for the folks.
Security Reward Program Scope of Google Play Enhances
The scope of GPSRP (Google Play Security Reward Program) is being increased by Google for incorporating al the apps within Google Play with over 100 million installations. At present, these apps are entitled to rewards, even though the developers of these apps do not have their personal bug bounty program. In such situations, Google helps the affected app developer to comprehend the recognized vulnerabilities out there. In this way, the security researchers can help various companies to identify plus repair vulnerability in the apps. If the programs are already available to the app developers rewards can be collected by the researchers form them directly apart from the rewards given by Google. The app inventors are encouraged by Google to commence their personal bug bounty platform for working with the security researchers directly.
Google is able to develop automatic checks using vulnerability information from GPSRP which will scan every single app obtainable in Google Play for the same types of vulnerabilities. Google will notify the producers of the apps that have been affected by means of the ASI (App Security Improvement) program offering information on this vulnerability plus the way to solve it. Ever since it was launched, over 3 lakh developers have been aided by ASI to solve over 10 lakh apps on Google Play. Last year, ASI aided more than 30,000 developers to solve over 70,000 apps. As per the downstream effect, all those vulnerable apps will not be allocated to the users until the problem is solved.
Till now, more than $265,000 has been shelled out by GPSRP in the form of bounties. In June plus August, the value of bug bounty rewards amounted to $75,500. These modifications make the folks at Google anticipate that there will be further interaction from the security research community so as to boost the program’s success.
What is the Developer Data Protection Reward Program?
DDPRP happens to be a bounty program whose primary intention is to detect and solve any sort of data abuse in the Android apps, Chrome extensions plus OAuth projects. It identifies the contributions made by the individuals that report apps which violate Google Chrome Web Store, Google Play, or Google API extensions program policies.
The platform will reward anyone providing any proof of data abuse in the identical model similar to the other vulnerability reward programs of Google. If the data mishandling is linked to a Chrome extension or app, that extension or app is going to be removed from Google Chrome Web or Google Play Store immediately. If an app developer abuses access to scopes limited by Gmail, there will be a removal of their API access too. As per the impact, one single report might net a bounty of even $50,000.
Now that we are in 2019, we want to probe further what the researchers are going to find in the near future.