Tuesday, 24 October 2017
3 comments

Google Offers Big Rewards To Hack Android's Most Popular Apps

Google Offers Big Rewards To Hack Android's Most Popular Apps


Google Offers Big Rewards To Hack Android's Most Popular Apps


Google is looking to improve its Play Store security. Google calls security researchers who invest their time and effort in order to make apps on Google Play Store more secure. It will help in improving the security from Fake and Malicious Apps and more benefit the developers and Android users.

All Google apps are included and developers of only popular Android apps are invited to opt-in to this program yet.

Scope of Program

For now, the scope is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.

This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission.

Examples may include:
  • Attacker gaining full control, meaning code can be downloaded from the network and executed (download and execute arbitrary code, native, Java code etc. Javascript)
  • UI Manipulation to commit a transaction. For example, causing a banking app to make money transfers on behalf of the user without their consent.
  • Opening of webview that may lead to phishing attacks. Opening webview without user input or interaction.

Note: There is no requirement that OS sandbox needs to be bypassed.

Currently, there are eight different developers to be approved for the program such as Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder, but Google says it’s working with more app makers to expand the program. And more apps will expand later, Google said.


How it works?

Reports states these steps:
  • Researcher identifies vulnerability within an in-scope app and reports it directly to the app’s developer via their current vulnerability disclosure or bug bounty process. Visit the program page on HackerOne for in-scope apps.
  • App developer works with the researcher to resolve the vulnerability.
  • Once the vulnerability has been resolved, the researcher requests a bonus bounty from the Google Play Security Rewards Program hosted on HackerOne.
  • Android Security team issues a reward to the researcher to thank them for improving the security of the Google Play ecosystem.

Note: All qualifying reports sent to the Google or Chrome Vulnerability Reward Programs will automatically be considered for a reward from the Google Play Security Reward Program. There is no need to submit vulnerabilities submitted to Google again to the Google Play Security Reward Program.

Reward Amounts

The Play Security Reward Program will evaluate each submission based on the above Vulnerability Criteria and reward accordingly. A reward of $1000 will be rewarded for issues that meet this criteria.

Any and all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. In the future, other vulnerabilities may be introduced into scope.

3 comments:

  1. Are u looking to hire an hacker/private investigator? I will recommend you contact [email protected] or text his number +15402277725. He helped track my cheating spouse when I suspected he was cheating, all he requested for was a phone number. He can spy on any phone without physical access. If u need to keep track of the things your teens are doing on their phone/computer or track a cheater or scammer dont hesitate to contact him.You get unrestricted and unnoticeable access to your partner/spouse/anybody's social accounts,email etc.He will never disappoint u. Tell him Jane referred u. Contact him today!

    ReplyDelete
  2. Do you know that you can hack any ATM machine !!!

    We have specially programmed ATM cards that can be used to hack any ATM machine, this ATM cards can be used to withdraw cash at the ATM or swipe, stores and outlets. We sell this cards to all our customers and interested buyers worldwide, the cards has a daily withdrawal limit of $5000 in ATM and up to $100,000 spending limit in it stores. We also have credit cards for online shopping, we give the credit cards details to our interested clients worldwide including the credit card cvv.if you are in need of any other cyber hacking services, we are here for you at any time any day.
      
    Here is our price list for ATM cards:
    BALANCE PRICE
    $2000 ----------------$150
    $5,000----------------$300
    $10,000 ------------- $650
    $20,000 ------------- $1,200
    $35,000 --------------$1,900
    $50,000 ------------- $2,700
    $100,000------------- $5,200
     The price include shipping fees,order now: via [email protected]

    ReplyDelete

 
Toggle Footer
Top