Google Launches Bug Bounty Program for Android Apps. The program pays security researchers to find bugs in Google’s own Android applications.
Google is launching the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program for Android apps. The system aims to find weaknesses in Android apps that Google develops or maintains.
Consider, for example, the Gmail app and Android apps from Fitbit, Nest and Waze, all of which are now part of Google.
Google says it will pay a maximum of $30,000 for bugs found, precisely the dangerous kind that allows remote code execution without user intervention. In addition, bugs that potentially lead to theft of sensitive data and other vulnerabilities can earn up to $7,500.
Google has had several bug bounty programs for some time. Last year in August, it released a program for Google’s open-source software, but there are also specific programs for Google Play and other services. Since its bug bounty programs launched in 2010, Google says it has awarded over $50 million.