Application security, Vulnerability Management

New Google bug bounty program for Android apps launched

Google has introduced its new Mobile Vulnerability Rewards Program that would offer rewards for the identification of security flaws in Google's first-party Android applications, BleepingComputer reports. Aside from covering Google's "Tier 1" applications including Google Play Services, Google Cloud, Google Chrome, Chrome Remote Desktop, AGSA, and Gmail Mobile VRP also spans security vulnerabilities in other apps developed by Research at Google, Google Samples, Nest Labs, Fitbit, Waze, and Red Hot Labs. Google will be handing out bounties of up to $30,000 for remote code execution bugs that do not require user interaction and a maximum reward of $7,500 for those enabling remote sensitive data exfiltration. "The Mobile VRP recognizes the contributions and hard work of researchers who help Google improve the security posture of our first-party Android applications. The goal of the program is to mitigate vulnerabilities in first-party Android applications, and thus keep users and their data safe," said Google.

Related

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.