GOOGLE WILL OFFER SECURITY EXPERTS $1,000 AS BUG BOUNTY TO FIND FLAWS IN SOME TOP ANDROID APPS. THE MOVE IS AIMED AT CLEANING BUGS FROM GOOGLE PLAY STORE. GOOGLE ALREADY RUNS ITS OWN BUG BOUNTY PROGRAMMES FOR CHROME, ANDROID AND WEBSITES. WITH THIS, THE COMPANY IS NOW EXPANDING THE PROGRAMME TO INCLUDE SOME OF THE MOST POPULAR ANDROID APPS ON GOOGLE PLAY STORE.
"AS THE ANDROID ECOSYSTEM EVOLVES, WE CONTINUE TO INVEST IN LEADING-EDGE IDEAS TO STRENGTHEN SECURITY. OUR GOAL IS TO CONTINUE TO MAKE ANDROID A SAFE COMPUTING PLATFORM BY ENCOURAGING OUR APP DEVELOPERS AND HACKERS TO WORK TOGETHER TO RESOLVE UNKNOWN VULNERABILITIES, WE ARE ONE STEP CLOSER TO THAT GOAL," SAID VINEET BUCH, DIRECTOR OF PRODUCT MANAGEMENT, GOOGLE PLAY.
THE SEARCH GIANT HAS TIED UP WITH THE BUG BOUNTY PROGRAM MANAGEMENT WEBSITE HACKERONE FOR THIS. UNDER THE PROGRAMME, DEVELOPERS OF SOME OF THE POPULAR ANDROID APPS ARE BEING INVITED TO START HACKER-POWERED SECURITY PROGRAMS ON HACKERONE. GOOGLE PLAY WILL GIVE A BONUS REWARD OF $1,000 TO HACKERS WHO 'VULNERABILITIES'. DEVELOPERS CAN FIND THE APPS THAT ARE OPTED IN AT THE GOOGLE PLAY SECURITY REWARD PROGRAM PAGE ON HACKERONE. THE HACKERONE WEBSITE SAYS THAT MORE APPS WILL BE ADDED TO THE LIST OVER TIME AS MORE DEVELOPERS OPT-IN.
"FOR NOW, THE SCOPE OF THIS PROGRAM IS LIMITED TO RCE (REMOTE-CODE-EXECUTION) VULNERABILITIES AND CORRESPONDING POCS (PROOF OF CONCEPTS) THAT WORK ON ANDROID 4.4 DEVICES AND HIGHER. THIS TRANSLATES TO ANY RCE VULNERABILITY THAT ALLOWS AN ATTACKER TO RUN CODE OF THEIR CHOOSING ON A USER'S DEVICE WITHOUT USER KNOWLEDGE OR PERMISSION," SAYS HACKERONE ON ITS WEBSITE. ALL GOOGLE-DEVELOPED ANDROID APPS AVAILABLE ON GOOGLE PLAY ARE SAID TO BE INCLUDED IN THE SCOPE.
HERE ARE SOME OF THE TOP APPS THAT GOOGLE WILL PAY $1,000 BOUNTY FOR:
ORGANIZATION/DEVELOPER: ALIBABA
PACKAGE NAME: COM.ALIBABA.ALIEXPRESSHD
ORGANIZATION/DEVELOPER: DROPBOX
PACKAGE NAME: COM.DROPBOX.ANDROID, COM.DROPBOX.PAPER
ORGANIZATION/DEVELOPER: DUOLINGO
PACKAGE NAME: COM.DUOLINGO
ORGANIZATION/DEVELOPER: HEADSPACE
PACKAGE NAME: COM.GETSOMEHEADSPACE.ANDROID
ORGANIZATION/DEVELOPER: LINE
PACKAGE NAME: JP.NAVER.LINE.ANDROID