Tuesday, October 22, 2019
Home > News > Mobile > Google wants to pay hackers to find bugs on mobile apps

Google wants to pay hackers to find bugs on mobile apps


* Google will partner a bug bounty management website, HackerOne to target a list of apps

* Each flaw will score at least $1,000 (₦360,000)

* The California-based search giant has since 2015 doled out $1.5 million through a similar bug bounty program that has identified hundreds of vulnerabilities on Android mobile OS


Google is offering security experts a bounty to identify Android app flaws as the Alphabet Inc. unit seeks to wipe out bugs from its Google Play store.

Each flaw will score at least $1,000 (₦363,000) under the programme announced on Thursday to back up automated checks that have failed to block malware and other problems that security experts say infect the 8-year-old app store far more than Apple Inc’s rival App Store.

Google will partner with HackerOne, a bug bounty programme management website, to target a list of apps and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus.

Software scans cannot match a person’s ability to discover “a truly creative hack,” Vineet Buch, director of product management for Google Play Apps and Games, said in an interview.

Google Play store logo
Google seeks to wipe out bugs from its Play store

The Google Play Security Reward Programme effectively sponsors research into software created by other companies. Bug bounties by Microsoft Corp, Apple and Alphabet have been awarded only for tracing flaws in their own software.

“We don’t just care about our own apps, but rather the overall health of the ecosystem,” Buch said. “It’s like offering a reward for a missing person even if you don’t know who the missing person is personally.”

Google did not reveal the funding for its programme, but said it would start small.

Google’s bug bounty programme for its Android mobile operating system, launched in June 2015, doled out $1.5 million for hundreds of vulnerability reports over its first two years.

 

Share this article with your friends

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.