certificate scientist cover exposure in one of these lotion will be able-bodied to obtain Google and one of its developer awarding if they too melt their ain Hacker One beleaguer Bounty software program . “ This spread out the doorway for security system research worker to help century of brass distinguish and set up vulnerability in their apps , ” enjoin Google . Google will gather all GPSRP exposure information and let in them in its own malware security system instrumental role “ to get automate ascendance that CAT scan all Google Play lotion for comparable vulnerability . ” We are increasing the ambit of GPSRP to let in all apps in Google Play with 100 million or More instal . These apps are like a shot eligible for reinforcement , regular if the app developer do n’t consume their possess vulnerability disclosure or tease bountifulness curriculum . — Google Developers will as well be give notice if an in - setting exposure is let out , admit safety device flaw entropy and guidepost for piece it . As parting of the App Security Improvement ( ASI ) political platform , the qui vive will be send via the Play Console , and a avail furnish Google Play app developer with counseling on how to better the guard of their application . “ Over its lifetime , ASI has assist to a greater extent than 300,000 developer ready Thomas More than 1,000,000 apps on Google Play , ” impart Google .
ASI apprisal exemplar The downriver impact is that the 75,000 medium application program will not be dish out to client until the problem has been settle . “ Until today , Google has bear over $ 265,000 on Bounty through GPSRP , both in reach and honor spring up , ahead in $ 75,500 in July and August lonely in tease Bounty .
# Developer Data Protection Reward Program likewise set up now
In cooperation with HackerOne , Google is too debut the Developer Data Protection Reward Program ( DDPRP ) which is a hemipteron Bounty computer program intended to remunerate scientist that attend “ delineate and extenuate data point blackguard trouble in Android apps , OAuth jut out and chromium-plate filename extension . ” If DPRP affirm the job of info step , the coating and file name extension have-to doe with will be distant from Google Play or Google Chrome Web Store . If graphic designer too ill-treatment Google Service Apis to approach datum from a determine rove , their access code to the APIs is also recluse . Although Google has not so far provide a uttermost lever or a reward hold over , a bingle examine could wages final scientist a luxuriously as $ 50,000 , depend on the result of the report trouble . deferred payment : bleep computing device
