Google has introduced a brand new Android bug bounty program providing rewards within the tens of hundreds for these trying to check out their experience.
The brand new Cell Vulnerability Reward Program (VRP) was introduced on Twitter, the place the corporate famous, “We’re excited to announce the brand new Cell VRP! We’re searching for bughunters to assist us discover and repair vulnerabilities in our cell functions.”
In line with this system abstract, first-party Android apps are the important thing focus of this Cell VRP, the place vulnerabilities are hoped to be discovered and eradicated to maintain customers’ information secure.
Android bug bounty program
Tier 1 functions are thought of in scope for this system, comprising Google Play Companies, AGSA, Google Chrome, Google Cloud, Gmail, and Chrome Distant Desktop.
Past the above, Tier 1 apps, this system additionally considers apps made by the next builders: Google LLC, Developed with Google, Analysis at Google, Purple Scorching Labs, Google Samples, Fitbit LLC, Nest Labs Inc., Waymo LLC, Waze.
Rewards begin at $500, which applies to the theft of delicate information or different vulnerabilities in Tier 3 functions, whereby the attacker was discovered to be on the identical community. Distant arbitrary code execution provides probably the most profitable reward, whereby prizes are rated at $30,000, $25,000, and $20,000 for Tiers 1, 2, and three respectively.
Moreover, this system’s panel has been approved to award discretionary $1,000 bonuses for varied causes, like “for a very stunning vulnerability, or an distinctive writeup.”
In addition to arbitrary code execution and the theft of delicate information, the Cell VRP states that different vulnerabilities “might be considered if they’re proven to have a safety affect.”
Examples of non-qualifying discoveries, together with extra detailed details about this system, may be discovered on the Cell VRP web site.