If the Google Play Security Reward Program doesn't seem like a typical bug bounty program, that's because it isn't.
Yes, hackers will be on the hunt for vulnerabilities. And, yes, they'll reap rewards for finding them. But the Google Play Security Reward Program represents the first time top Android app developers are being asked establish public-facing vulnerability disclosure programs on the HackerOne platform…with Google Play picking up the tab for bonus bounties of $1,000 for any vulnerability that qualifies.
“The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem,” according to a HackerOne post.
Already, a number of apps are included in the program. But the program isn't confined to third-party apps – Google will include first-party apps in the initiative as well.
As the Android ecosystem evolves, we continue to invest in leading-edge ideas to strengthen security,” Vineet Buch, director of product management at Google Play, said in a statement. “Our goal is continue to make Android a safe computing platform by encouraging our app developers and hackers to work together to resolve unknown vulnerabilities, we are one step closer to that goal.”