In 2017, the Play Security Reward Program was introduced by Google to encourage researchers to identify vulnerabilities in first and third party apps. All Android apps with over 100 million installations are now included in the initiative.
GPSRP allows security researchers to discover bugs and report them straight to the developer of the application. Google will issue a reward bounty once addressed, helping this program address issues in popular Android apps. Google has already paid out bounties of $265,000 and lately increased benefits.
Google is growing the scope of GPSRP today to cover over 100 million installations for all apps in the Play Store. This allows problems to be reported even if a vulnerability disclosure or bug bounty program is missing from the app developer. Google Play will assist to reveal vulnerabilities recognized in those circumstances responsibly. Previously, the program needed interested Android developers to apply for eligibility with Google.
This program also enables Google to produce automated controls for comparable vulnerabilities that can be used to scan all Play Store applications. This current initiative has helped 300,000 developers to solve more than 1,000,000 apps as part of the App Security Improvement program.
Google is also launching today a Developer Data Protection Reward Program focused on data violence with HackerOne. It is designed to identify and mitigate issues in Android apps, OAuth initiatives, and extensions to Chrome.