Long-time Slashdot reader AmiMoJo quotes VentureBeat:
Google, which has already paid security researchers over $15 million since launching its bug bounty program in 2010, today increased the scope of its Google Play Security Reward Program (GPSRP). Security researchers will now be rewarded for finding bugs across all apps in Google Play with 100 million or more installs. At the same time, the company launched the Developer Data Protection Reward Program (DDPRP) in collaboration with [bug bounty platform] HackerOne. That program is for data abuses in Android apps, OAuth projects, and Chrome extensions….
Google also uses this vulnerability data to create automated checks that scan all Google Play apps for similar vulnerabilities. Affected app developers are notified via the Play Console. The App Security Improvement (ASI) program provides them with information on the vulnerability and how to fix it. In February, Google revealed that ASI has helped over 300,000 developers fix over 1,000,000 apps on Google Play.
The article also notes that Android apps and Chrome extensions found to be abusing data “will be removed from Google Play and the Chrome Web Store.”
of this story at Slashdot.
Source:: Slashdot