Google launches a bug bounty program

Patrick Devaney


The Google Play Store has been plagued with bugs, fake apps, phishing scams, and general malware for years. We’ve reported on an endless stream of malware discoveries in recent times with the stories falling either to security researchers who’ve discovered something not right or Google efforts to clean up some sort of mess.

With Google’s Android mobile operating system sitting at the heart of most of the smartphones on the planet, this prevalence of bad code is to be expected. It is even less of a surprise due to the open nature of the Android source code. Google wants anybody who can code to be able to contribute to the OS but unfortunately, that also opens it up to hackers and cyber criminals too.

It is in this environment that Google has recently announced the formation of a new program that will incentivize the reporting of bad code. This means it won’t just be relying on the good faith of the ‘good guys’ to out the behavior of the ‘bad guys.’

Google’s new Developer Data Protection Reward Program (DDPRP) is now targeting cases of data abuse and offers rewards of up to $50,000

The new DDPRP that Google recently announced in a blog post is now offering massive rewards to security researchers who can identify certain issues. The program is targeting cases of potential data abuse in apps that fit three categories. These are third-party apps that have access to the Google API, Android apps listed on the Play Store, and Chrome apps and extensions listed on the Chrome Web Store.

The blog post says, “In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent. If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store.” Although the Android Developer’s Google blog post goes on to say that there will be no fixed table of rewards for certain types of discoveries it does make it clear that bounties will go up to $50,000.

This new Google initiative mirrors a recent move made by Facebook in the wake of the Cambridge Analytica scandal. Like Google, Facebook has an incredibly large user base and so when user data was leaked it was on an industrial scale and the consequences rocked Western democracy as we know it. Facebook recently extended its bug bounty program to include Instagram apps and now Google has also moved to offer rewards to developers and programmers out there with a nose for sniffing out foul play.

If you use Facebook on your Mobile you need to Beware of this Scam

Google hasn’t fallen victim to a huge infraction on the scale of the Cambridge Analytica debacle, that many analysts say Facebook is still reeling from today. As we mentioned earlier, however, it has been hit with multiple smaller scandals involving apps on the Google Play Store. With such huge numbers of apps being added to the store every day, freelancing out the bug hunting program is likely the most effective method of policing the platform.

As to whether the move will prove successful in the long run and result in fewer outbreaks of malware etc. remains to be seen. It is refreshing, however, to see a pro-active move from the mountain view company.

You may also like