Huawei to launch new smartphones with Google apps in South Africa

Bug bounty programs have become a popular way for developers to track down security issues in software, but big pay-outs are not something that every company can afford. To more effectively curb such instances, Google has expanded its Google Play Security Reward Program (GPSRP) to cover all apps that have clocked 100 million or more downloads on the Play Store.

In making the change, Google acknowledges that not all app developers have the finances to support their own bug bounty programs. According to Google's Play Console Help page (via Android Police), videos preceded by ads will not be allowed; developers will have until November 1st to turn off the monetization setting or upload another version of the video that doesn't contain an advertisement. Why? This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps.

Security researchers can now collect bounty for discovering vulnerabilities and serious security bugs in eligible apps, even if the developers are not running a bug bounty programme.

The search giant has also launched a new program in collaboration with HackerOne called the Developer Data Protection Reward Program (DDPRP) aimed at finding data abuses in Android apps, OAuth projects and Chrome extensions.

Google had initially launched the Google Play Security Rewards Program (GPSRP) as a way for hackers and security researchers to report vulnerabilities in eight top apps on the Play Store. This program is created to highlight instances of data abuse in Android apps, Chrome extensions and OAuth projects.

Those that can find evidence of data abuse that can be verified could get paid. In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent.

Consumers will have to download the apps on the internet like they do in China - installing an app shop like Aptoide, Google Play, or directly from any APK repository, like APKmirror.com. On a similar note, involvement in abusing access to Gmail restricted scopes will result in the removal of API access. Discovery of vulnerabilities that lead to data theft will be rewarded with $3,000 (roughly Rs. 2,15,000), while those that concern access to a protected app component will net the finder an equivalent amount.