Google’s plan of making the Playstore a haven for Android apps has not born fruits till date. Still, there are new reports surfacing online showcasing why Google’s Playstore contains a huge number of malware-ridden apps.
The process of bursting them is indeed slow, and the bad actors often find ways to bypass new challenges set to capture them. In fact, news about Android apps having malicious code is a common occurrence.
Recently, Google has expanded its bug bounty program to include any android app on the play store with over 100million downloads. In the past, Google Play Security Reward Program (GPSRP) included top 8 android apps, a very flawed strategy if you ask me.
However, the new rule now paves the way for the inclusion of many apps that are popular on the platform.
One may cite the expansion to CamScanner’s situation whereby the app was yanked out of the Playstore for reportedly having malware buried within its code.
“At Google, we understand the strength of open platforms and ecosystems, and that the best ideas don’t always come from within. It is for this reason that we offer a broad range of vulnerability reward programs, encouraging the community to help us improve security for everyone,” Google said in a blog post.
Under the new program, bug hunters will be rewarded for sniffing bugs in Android apps independent of whether the individual developer runs a bug bounty program for their apps. In a case where a developer runs a bug bounty program, then a bug hunter will be rewarded from both Google and the developer as well. However, the program requires the bug hunter to report the bug first to the developer.
Announcing the expansion, Google, in partnership with HackerOne, also launched a Developer Data Protection Reward Program another bug bounty program. Google says DDPRP is “meant to identify and mitigate data abuse issues in Android apps, OAuth projects, and Chrome extensions.”
Under DDPRP, Google will award anyone that uncovers evidence of data abuse. With DDPRP, one can receive rewards up to $50,000 on a single bounty depending on the effect.
