Fewer flaws, fewer bugs: how Google will make its apps more secure and stable


Alexander Boero

May 25, 2023 at 1:20 p.m.


Android smartphone flaw © Jirapong Manustrong / Shutterstock.com

Google has just launched a new bug bounty program exclusively aimed at finding flaws in the Android environment.

To better protect Android users and their data, the applications they rely on need to be more secure and less prone to flaws. To speed things up and make the mobile operating system safer, Google launched a new bug bounty program on May 22, called the Mobile Vulnerability Rewards Program, or Mobile VRP.

Attracting more flaw hunters

With this program, Google intends to attract more flaw hunters to help it find and fix vulnerabilities in the Android mobile applications that the company develops, owns, or maintains. This includes all Google applications such as Gmail, Chrome and Google Cloud, but also those developed by its subsidiaries or partners Red Hot Labs, Fitbit, Nest, Waymo, or Waze.

Google has identified two main families of vulnerabilities: arbitrary code execution and theft of sensitive data. Arbitrary code execution, or ACE, shows up for example when a hacker takes over an application and can then execute code in it without having obtained authorization. As for theft of sensitive data, the Mountain View firm is targeting vulnerabilities that lead to unauthorized access to important personal data from an application on an Android device.

Google logo © JHVEPhoto / Shutterstock.com

Bounty amounts revealed by Google

The bounties Google offers its hunters can go up to $30,000 for a vulnerability resulting in unauthorized, remote arbitrary code execution. If the user followed a link to the vulnerable app, the bounty drops to $15,000. Identifying a flaw that could lead to the theft of sensitive data can bring in up to $7,500.

Google even promises its ethical hackers a $1,000 bounty if they discover a vulnerability deemed "particularly surprising", or if it is perfectly documented in writing.

So far, Google has awarded over $50 million in rewards to thousands of researchers through its various programs. While the average bounty amount is not known, we do know that last year an Android exploit chain of five security vulnerabilities earned a certain "gzobqq" a nice check for $605,000, an absolute record to date for the American giant. This same researcher had already received $157,000 the previous year for submitting another critical exploit chain.

Source: Google