Google will pay $ 1,000 for the vulnerabilities discovered in third-party applications
21.10.2017 0 Comments
If a hacker will be able to find a bug in the app from Google Play, he will receive cash reward from $ 1,000.
The company said that their experts failed to solve the problem using the standard methods: automation and the use of personnel resources. Google was forced to take this step, hoping to improve the quality of third-party apps in the store. So the company has responded to accusations of turning their catalog into a “digital landfill of infection.”
Hackers should send the information about detected bugs directly to the developers, work with them, and then apply to the program HackerOne to their reward. Google promises to pay $ 1,000 for every mistake corresponding to certain criteria. The more serious the vulnerability, the higher the amount the maximum award amount is not limited.
Yet to Play Security Reward Program had eight of 13 developers of popular applications, among which Tinder, Mail.ru, Snapchat, Dropbox, Alibaba, Duolingo and Line. The list of applications will expand.
Since September last year, Apple pays money for the found vulnerabilities in macOS and iOS. Minimum fee is 20 thousand dollars, the maximum — 200 thousand dollars. The amount of cash bonus will depend on the importance and criticality of vulnerabilities found.
Similar bonus programs have been popular and less known developers. Companies have learned to attract hackers to fix vulnerabilities, instead of waiting for when they use bugs for criminal purposes.
Follow the news in our Telegram-channel, as well as in the app on iOS MacDigger.