e-Why, What & How · 2019-11-20

Google’s idea of paying hackers to find app vulnerabilities seems to be working


Google is determined to keep the apps on the Google Play Store safe for both users and app developers. To do that it has to stay ahead of clever, ill-intentioned hackers who spend their time looking for ways to break apps, usually to steal users’ credentials or to change how an app behaves to suit their own purposes.

What many still don’t know is that, rather than engaging security firms to do this job, Google, together with HackerOne, has been running a bounty program for the past two years. The basic idea behind the project is to pay hackers to find and report vulnerabilities in apps.


The idea works on two levels: hackers now spend their time reporting flaws so they can be fixed rather than exploiting them, and they earn a legitimate reward instead of having to monetise the holes they find by selling stolen data on the dark web.

Informally the program is known as the bounty scheme; formally it is called the Google Play Security Reward Program (GPSRP). App developers can opt their apps into the program, and hackers are offered clearly defined reward levels that depend on the type and severity of the vulnerability they find.

When a hacker discovers a ‘hole’, they first report it to the app’s developer, and the hacker and the developer then work together to get the issue fixed. Once it is resolved, Google pays the bounty to the hacker. This is on top of whatever the developer’s own reward program pays for the same report, so hackers can earn a legitimate living without resorting to crime.

Last year alone, Google’s vulnerability reward programs as a whole paid out $3.4 million to 317 researchers for 1,319 rewarded reports. HackerOne runs a leaderboard showing current payouts and the names of the ‘researchers’ alongside the amounts they have earned. It also lists the apps that are in scope, which hackers can choose to work on, and the reward amounts for the different types of vulnerabilities, so hackers know in advance what exposing each one is worth.

Full details are available on HackerOne.

Image Credit: Google
