Google has announced new changes to Google Play Security Reward Program (GPSRP), as well announced the launch of the new Developer Data Protection Reward Program (DDPRP), & included all apps in Google Play with 100 million or more installs.
It said on its official blog that all these apps were now eligible for rewards, even if the app developers didn’t have their own vulnerability disclosure or bug bounty program.
This opens the door for security researchers to help hundreds of organizations identify & fix vulnerabilities in their apps. If the developers already have their own programs, researchers can collect rewards directly from them on top of the rewards from Google. We encourage app developers to start their own vulnerability disclosure or bug bounty program to work directly with the security researcher community.
– Google
To date, GPSRP has paid out over US $265,000 in bounties. Recent scope and reward increases had resulted in $75,500 in rewards across July & August alone. With these changes, Google said it anticipated “even further engagement from the security research community to bolster the success of the program.”
To read the post, click here.
