Google Targets Data-Abusing Apps with Bug Bounty Launch

From threatpost.com

google developer data abuse bug bounty

Google is looking to battle the malicious apps – and apps abusing user data – on Google Play by improving its bug-bounty program arsenal.

Google is looking to squash vulnerabilities on its Google Play app marketplace with a new bug-bounty program aimed at identifying data-abuse issues in Android apps and Chrome extensions.

The company on Thursday announced the Developer Data Protection Reward Program, which, depending on the impact of the bug found, could net as much as $50,000 for a single report. Launched in collaboration with HackerOne, it’s meant to stomp out apps that violate Google Play, Google API and Google Chrome Web Store Extension program privacy policies.

“The program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability reward programs,” said Google in its announcement. “In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent.”

Read more…