Google has announced the ‘Play Security Reward Program,’ which incentivizes security research into popular Android apps through monetary rewards.
Working with independent bug bounty platform HackerOne, Google says it will invite select security researchers to submit an eligible vulnerability to participating developers.
Currently, the following apps are part of the program:
The researcher will then work with the app developer to fix the vulnerability. Afterwards, researcher must submit a report to the Play Security Reward Program to receive a $1,000 bounty from Google Play.
Finally, Google Play will confirm with the app developer that the researcher took the necessary steps to report and remove the vulnerability and reward the researcher once the criteria has been met.
While the program is currently only invite-only, Google says interested parties can contact their Google Play partner manager to show interest. In the future, Google says it may also allow researchers to opt-in to participate.
More information on the program can be found here.