Google is giving a great chance to win 1000 $ for security experts through the bounty program by finding security flaws in Android apps. On 19 October 2017, Thursday Google makes an announcement about a bug bounty program named the “Google Play Security Reward Program”.  According to this program, Google will give a reward of 1000 $ to a security expert who finds security flaws in Android apps and then reports it to Google researchers.

As Google and large application developers always take care about the security of their users and try to provide secure, safe, and most comfortable users experience. Google Play Security Reward Program is running by Google to make applications that are listed on the play store more secure and safe. And through the security reward program google trying to make all applications free to all vocabularies, malicious software, hacking, and pushing, etc.

For running a security reward program Google has a partnership with HackerOne which is a website that manages bounty programs. HackerOne with creating a list of all applications and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus. In the list, all applications that are developed by many developers will be included and in the list, the applications those are developed by Google will also include.

You Must Also Read:- Google Added " Try It Now " Button To Play Store By Using Instant Apps

The launch partners for this bug bounty are Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder, with more to come in the future if the program proves to be successful.

All the application developers participating in the program must have their own coordinated disclosure program in place, Security researcher will be rewarded by Google Play Security Reward Program only after the vulnerability is made public by the participating company. Once the vulnerability is publicized, the discoverer will have 90 days to apply for the additional reward from Google. As the bug bounty is there purely to provide an additional bonus payment over and above what is offered by each participating company, the bug bounty currently only has one payment tier; $1,000 for remote code execution.

On the official page of Google Play Security Reward Program Google published," The Google Play Security Reward Program recognizes the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure. All Google’s apps are included and developers of popular Android apps are invited to opt-in to the program. Interested developers who aren’t currently in the program should discuss it with their Google Play partner manager. Through the program, we will further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem. ".

Procedure To Claim Reward From Google:- 

 Google clearly announced that google will not work directly with the researcher for a reward program to claim the reward user must have to identify the vocabulary on the in-scope application. After identifying vocabulary in the application researcher must report about vocabulary to the developer if that application then the developer and researcher will work together to resolve the identified vocabulary. After resolving the vocabulary issue the researcher can contact google to claim the reward. The Play Security Reward Program will evaluate each submission based on the above Vulnerability Criteria and reward accordingly. A reward of $1000 will be rewarded for issues that meet these criteria. Any and all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. In the future, other vulnerabilities may be introduced into scope.