What you need to know
- Google is expanding its Security Reward Program and launching a new Developer Data Protection Reward Program.
- The Security Reward Program now covers all apps on Google Play with 100 million or more installs — even if app developers don't have a bug bounty program set up.
- With the Developer Data Protection Reward Program, Google aims to crack down on data abuse in apps.
The Google Play Store is filled with a seemingly endless number of apps, and in an age where digital security is becoming more and more important, having systems in place to ensure these apps are as stable and secure as can be is critical. On August 29, Google announced a couple of big changes coming to the Play Store to help with this effort.
First thing's first, the existing Google Play Security Reward Program (GPSRP) is getting a considerable revamp. The GPSRP was launched in June 2017 with HackerOne to help identify bugs in apps, and today, it's being expanded to include any apps on the Play Store that have at least 100 million installs — even if the developers of said apps don't have their own bug bounty program established.
We are increasing the scope of GPSRP to include all apps in Google Play with 100 million or more installs. These apps are now eligible for rewards, even if the app developers don't have their own vulnerability disclosure or bug bounty program. In these scenarios, Google helps responsibly disclose identified vulnerabilities to the affected app developer. This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps.
Since it was launched a little over two years ago, the GPSRP has paid out more than $265,000 in bug bounties.
In addition to the GPSRP getting revamped, Google's also launching a new initiative called the "Developer Data Protection Reward Program" (aka DDPRP).
Google's once again working with HackerOne, and with DDPRP, the companies aim to:
Identify and mitigate data abuse issues in Android apps, OAuth projects, and Chrome extensions.
DDPRP will compensate anyone that's able to "provide verifiably and unambiguous evidence of data abuse", with maximum bounties being as high as $50,000.
AC Podcast 492: TikTok/WeChat Ban; LG Wing; Pixel 5s; PS5
Daniel and Jerry are joined by Alex Dobie and Joe Maring to make sense of the impending (at the time of recording) TikTok and WeChat bans in the U.S. The crew also preview the LG Wing and discuss Apple's recent Watch and iPad announcements in comparison to Android-compatible watches and the Galaxy Tab S7. Alex also reports on the rumored Pixel 5s. Plus, the next-gen consoles are coming...
Foldables are finally good enough to actually spend money on
Foldable phones have come a long way in 18 months, and now with the Galaxy Z Fold 2, we have no major flaws, no shortchanged specs and no hurdles still to overcome. Now is the tipping point when foldables start to actually become worthy of your wallet.
Want an Oculus Quest 2? Here's where to buy one!
The Oculus Quest 2 was announced at Facebook Connect 2020. Here's how to preorder the hottest new wireless VR system around!
Bring home the title with the best Fantasy Football apps for this season
Are you ready for the NFL season? Better question. Are you ready for the Fantasy Football season? These apps make sure you can dominate not only the draft, but the rest of the season on your way to bringing home the belt.