Google has recently made some interesting announcements for the community of ethical hackers. One such announcement is the expansion of the bug bounty program scope for Google Play Store to include more apps. The other announcement is about the launch of another bug bounty program from Google – the Developer Data Protection Reward Program.
Google Launches New Bug Bounty Program ‘DDPRP’
According to a recent blog post from Android’s Security and Privacy officials, Google launches some tempting bug bounty program changes. One of these temptations is the launch of a dedicated ‘Developer Data Protection Reward Program’. This new bug bounty program from Google covers all third-party apps abusing Google user data.
Reportedly, like Google Play Security Reward Program (GPSRP), the new DDPRP also works in collaboration with HackerOne. The program will cover data abuse incidents related to Android applications, Chrome extensions, and OAuth projects.
Elaborating on the new bug bounty program, the blog post reads,
In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent.
Specifically, under this program, researchers can report applications that violate the Google API, Google Play, and Google Chrome Web Store Extensions program policies. In the case of proven violations from an app developer, Google will remove their API access. Whereas, for apps and Chrome extensions involved in data abuse, Google will straight away remove them from the Play Store or Google Chrome Web Store.
Rewards To Announce Soon
For now, Google has not announced any specific reward table for this program. Nonetheless, they didn’t miss to hint about the potentially tempting rewards coming up in the future – as much as $50,000. As stated in the blog post,
While no reward table or maximum reward is listed at this time, depending on impact, a single report could net as large as a $50,000 bounty.
Interested people can take a look at this link for more details of the new bug bounty program.
Earlier this month, Facebook also announced a similar expansion as it included Instagram data abuses by third-parties in its bug bounty program.
Let us know your thoughts in the comments.