Google Paying Up to $1,000 for Vulnerabilities in Some Third-Party Android Apps

posted by martyb on Sunday October 22, @09:24PM
takyon writes:

Find a bug in Tinder or Dropbox? You may be able to get paid by Google:

According to HackerOne, Google's new bug bounty program now incentivizes hackers to unearth software vulnerabilities in some of the more popular third-party apps on the Play Store. The new program will presumably result in more secure Android apps while also limiting the damage whenever a serious issue is discovered. While perhaps not a common occurrence, it's not all that unusual to see reports of malware infecting widely downloaded Android apps.

[...] Notably, the new bug bounty program, as it stands now, only applies to Google-developed Android apps and the following third-party apps: Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.Ru, Snapchat, and Tinder. Down the line, though, the program may open up to include additional third-party apps.



  • (Score: 2) by FatPhil on Sunday October 22, @10:28PM (1 child)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Sunday October 22, @10:28PM (#586076) Homepage
    > Google's new bug bounty program now incentivizes hackers to unearth software vulnerabilities in some of the more popular third-party apps on the Play Store. The new program will presumably result in more secure Android apps

    Rewarding the existence of bugs? That will encourage the creation of more bugs. Never heard of the cobra effect?
    I was worried about my command. I was the scientist of the Holy Ghost.

    • (Score: 2) by takyon on Sunday October 22, @10:32PM

      by takyon (881) <{takyon} {at} {soylentnews.org}> on Sunday October 22, @10:32PM (#586078) Journal

      Tinder and Dropbox both store loads of embarrassing user data. It would not be worth it for either company or one of their programmers to sneak in a bug.

      Come to think of it, Dropbox has a multibillion dollar valuation... maybe they should be paying the bug bounties, not Google.

      [SIG] 04/14/2017: Soylent Upgrade v13 [soylentnews.org]
