Google is introducing a new bug bounty program to help root out vulnerabilities in third-party apps in its Google Play storefront. The Google Play Security Reward Program will pay researchers who discover problems in popular Android apps found in the store.
The company is collaborating with vulnerability coordination and bug bounty platform HackerOne. Developers are only able to participate if they’re willing to respond to and fix the bugs in a timely manner; they must also follow HackerOne’s disclosure guidelines and provide detailed reports. Presently, Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder are eligible for rewards, but Google says that this list will expand with time. According to HackerOne, hackers will identify app vulnerabilities and report them to the developer, and the two will work out a resolution within 90 days. The hacker then requests a reward from the program. Once the request is evaluated and found to meet Google’s criteria, the finder will be awarded $1000.