Advertise on ITWeb         Thu, 14 Dec, 22:51:56 PM

Google offers bug bounty to clean up mobile apps

Each flaw will score at least $1 000 under the Android bug bounty initiative.

Each flaw will score at least $1 000 under the Android bug bounty initiative.

Google is offering security experts a bounty to identify Android app flaws, as the Alphabet unit seeks to wipe out bugs from its Google Play store.

Each flaw will score at least $1 000 under the programme announced yesterday to back up automated checks that have failed to block malware and other problems that security experts say infect the eight-year-old app store far more than Apple's rival App Store.

Google will partner with HackerOne, a bug bounty programme management Web site, to target a list of apps and flaws such as those that allow a hacker to redirect a user to a phishing Web site or infect a gadget with a virus.

Software scans cannot match a person's ability to discover "a truly creative hack", Vineet Buch, director of product management for Google Play Apps and Games, said in an interview.

The Google Play Security Reward Programme effectively sponsors research into software created by other companies. Bug bounties by Microsoft, Apple and Alphabet have been awarded only for tracing flaws in their own software.

"We don't just care about our own apps, but rather the overall health of the ecosystem," Buch said. "It's like offering a reward for a missing person even if you don't know who the missing person is personally."

Google did not reveal the funding for its programme, but said it would start small.

Google's bug bounty programme for its Android mobile operating system, launched in June 2015, doled out $1.5 million for hundreds of vulnerability reports over its first two years.

Copyright 2017 Reuters Limited. All rights reserved. Republication and redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Our comments policy does not allow anonymous postings. Read the policy here




Sponsors Message