Google Will Pay $1,000 For Finding Software Bugs In Third-party Apps

Finding Software Bugs: Google has found many malware-infected apps in past months. It seems that they have become more serious regarding those apps which are dangerous or its users. The malware developers have become more violent and advanced these days hence many tech companies have introduced some “bug bounty” programs. In these programs, the companies offer an economic gift to users who uncovers severe exposure in software. Earlier, Google has introduced many “bug bounty” programs, and they have come up with another program in which the company will pay $1,000 if anyone finding software bugs in third-party apps.

HackerOne states that Google’s latest bug bounty program currently encourages hackers to expose software exposures in Play Store available famous third-party app. The program will most probably remove the malware-infected apps and protect Android apps. The programs will also reduce the impairment every time a crucial malware is revealed. It’s not shocking that lots of Android apps present in the Play Store have malware and some of them have already infected lots of victims. If you can detect a bug in Android apps, then you need to know that Google’s latest program will pay you $1,000 with each validated software vulnerability.

The vulnerability measures are as follows:

Currently, the range of Google’s bug bounty program is restricted to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) which runs on Android 4.4 devices and above.

In RCE vulnerability, hackers operate any code on a victim’s phone without their permission. Here, they get full access to the victim’s device that means the code is downloaded from the range and performed. The hackers can also force the victims to make a transaction, and at that time they misuse the UI and steal banking data like PIN codes and card details. They can start webview which results in phishing attacks.

It is not needed to avoid the OS sandbox. Remarkably, the latest bug bounty program is limited only for Google built-up Android apps and other third-party apps like Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.Ru, Snapchat, and Tinder. The program can add some other third-party apps soon.