With the newly made announcements, Google wants to find bugs in the Play store with the help of various firms. This move will help Google to expand the scope of GPSRP (Google Play Security Rewards Program) to multiple Play Store apps will millions of installs. Simultaneously, Google has also launched a program called “Developer Data Protection Reward Program” in alliance with HackerOne. The project aims at finding various incidents of data abuse in Android gadgets, Chrome Extensions, and OAuth projects.
After Steam Zero-day controversy, Bug Bounty gets recent updates by Valve.Microsoft had to shell out millions due to the bug bounty last year.
Bug Bounty was initially launched in the year 2010, and since then Google has paid close to $15 million to security researchers. GPSRP has also funded $256k on similar lines. With the addition of New Android apps, Google is making itself more eligible to earn rewards. Google is planning to use the vulnerability data to develop automated scan checks. By doing this, Google will be able to scan other apps for similar vulnerabilities. Play Console notifies all developers whose app contains Bugs, additionally ASI, App security improvement will provide details about the loopholes and ways to fix them. As per data released by Google, ASI has assisted around 300k developers to fix bug issues.
DDPRS | Developer Data Protection Reward Program
Besides the Bug Bounty program, Google has also announced the launch of its DDPRS program. With its help, Google plans to identify and mitigate data leakage issues from Chrome extensions, Android apps, and oAuth projects. Rather than finding loopholes, it will reward security experts who will detect various applications which have violated the policies of Google API, Google Play Store, and Chrome Web Store extension program. All found abuses which get validated will earn a reward. On the DDPRS page of Hacker’s One, Google displays information about various apps that access users data and breaks its permission policy. However, the reward attached to it is not very high. However, security researchers can still earn up to $50k bounty. All Chrome extensions and Android apps that are found abusing users data will be blocked and removed for Play Store. Additionally, if the developer is found guilty, their API access will also be removed.