Saturday, October 21, 2017

Google Play Security Reward Program - Get A Chance To Win 1000 $

Google is giving a great chance to win 1000 $ for security experts through bounty program by finding security flaws in Android apps. On 19 October 2017, Thursday Google makes an announcement about a bug bounty program named the “Google Play Security Reward Program”.  According to this program, Google will give a reward of 1000 $ to a security expert who finds security flaws in Android apps and then reports it to Google researchers.

As Google and large application developers always take care about security of their users and try to provide a secure, safe and most comfortable users experience. Google Play Security Reward Program is running by Google to make applications that are listed on play store more secure and safe. And through the security reward program google trying to make all applications free to all vocabularies, malicious software, hacking and pushing etc.

You Must Also Read:- Google Added " Try It Now " Button To Play Store By Using Instant Apps

For running security reward program Google has the partnership with HackerOne which is a website that manages bounty programs. HackerOne with creating a list of all application and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus. In the list all applications those are developed by many developers will be included and in the list, the applications those are developed by Google will also include.

The launch partners for this bug bounty are Alibaba, Dropbox, Duolingo, Headspace, Line,, Snapchat, and Tinder, with more to come in the future if the program proves to be successful .

All the applications developers participating in into the program must have their own coordinated disclosure program in place, Security researcher will be rewarded by Google Play Security Reward Program only after the vulnerability is made public by the participating company. Once the vulnerability is publicized, the discoverer will have 90 days to apply for the additional reward from Google. As the bug bounty is there purely to provide an additional bonus payment over and above what is offered by each participating company, the bug bounty currently only has one payment tier; $1,000 for remote code execution.

In the official page of Google Play Security Reward Program Google published that ," The Google Play Security Reward Program recognizes the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure. All Google’s apps are included and developers of popular Android apps are invited to opt-in to the program. Interested developers who aren’t currently in the program should discuss it with their Google Play partner manager. Through the program, we will further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem. " .

Procedure To Claim Reward From Google :- 

 Google clearly announced that google will not work directly with the researcher for reward program to claim the reward user must have to indetify the vocabulary on the in - scope application . After indetifying vocabulary in application researcher must report about  vocabulary to the developer if that application then the developer and researcher will work together to resolve the identified vocabulary . After resolving the vocabulary issue the researcher can contact google to claim the reward . The Play Security Reward Program will evaluate each submission based on the above Vulnerability Criteria and reward accordingly. A reward of $1000 will be rewarded for issues that meet this criteria. Any and all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. In the future, other vulnerabilities may be introduced into scope.