Recently, Google announced a new bug bounty program for experts that can report the abuses of Google API, Chrome, and Android user data.

Google announced the Developer Data Protection Reward Program (DDPRP), a new bounty program aimed at security experts that discover data abuse issues in popular Android applications, OAuth projects, and Chrome extensions. 

Researchers could report cases of data abuse in third-party apps that have access to the Google API, in Android apps listed on the Play Store, and in Chrome apps and extensions listed on the Chrome Web Store.

“It recognizes the contributions of individuals who help report apps that are violating Google Play, Google API, or Google Chrome Web Store Extensions program policies.” reads the announcement published by Google.

“The program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability reward programs. In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent.”

The bug bounty program is operated via the HackerOne platform.

Google will analyze every single case reported by the researchers and will offer rewards of up to $ 50,000 for effective abuses.

“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store.” concludes Google. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed. While no reward table or maximum reward is listed at this time, depending on impact, a single report could net as large as a $ 50,000 bounty.”

Google also announced it will expand its Play Store bug bounty program to include any Android app in the official store that had over 100 million user installs. In this case, the tech giant will relay the vulnerabilities to app developers and if they will not able to address the issues, Google will remove them from the Play Store.

Pierluigi Paganini

(SecurityAffairs – bug bounty, Google)

The post New Google bug bounty allows reporting the abuses of Google API, Chrome, and Android user data appeared first on Security Affairs.

Security Affairs

Are you looking for products for hacking, cybersecurity, and penetration testing? Do you need to cleanse your smartphone, PC, or website from viruses and malware? Do you need to track down a person or recover urgent information? Do you need to regain control of an account, email, or password that has been stolen from you? Interested in purchasing pre-configured devices to easily and quickly experiment with hacking techniques? Do you have specific requirements in software or hardware? We can assist you!

Contact us immediately for immediate assistance: provide us with details via email or WhatsApp about the type of support you need, and we will respond you promptly!

Fill out and submit the form below to send us an immediate support request

Write your email address here

Write here how we can help you – we provide immediate support for all your needs!