Google wants to pay you for finding security flaws in its biggest Android apps

Craig Hale

May 23, 2023 at 6:47 AM·2 min read

Google has announced a new Android bug bounty program offering rewards in the tens of thousands for those looking to try out their expertise.

The new Mobile Vulnerability Reward Program (VRP) was announced on Twitter, where the company noted, “We are excited to announce the new Mobile VRP! We are looking for bughunters to help us find and fix vulnerabilities in our mobile applications.”

According to the program summary, first-party Android apps are the key focus of this Mobile VRP, where vulnerabilities are hoped to be found and eliminated to keep users’ data safe.

Android bug bounty program

Tier 1 applications are considered in scope for the program, comprising Google Play Services, AGSA, Google Chrome, Google Cloud, Gmail, and Chrome Remote Desktop.

Beyond the above, Tier 1 apps, the program also considers apps made by the following developers: Google LLC, Developed with Google, Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc., Waymo LLC, Waze.

> These are the best malware removal tools

> Google paid its highest-ever bug bounty last year

> Google will now pay bounties for open source software bugs

Rewards start at $500, which applies to the theft of sensitive data or other vulnerabilities in Tier 3 applications, whereby the attacker was found to be on the same network. Remote arbitrary code execution offers the most lucrative reward, whereby prizes are rated at $30,000, $25,000, and $20,000 for Tiers 1, 2, and 3 respectively.

Additionally, the program’s panel has been authorized to award discretionary $1,000 bonuses for various reasons, like “for a particularly surprising vulnerability, or an exceptional writeup.”

As well as arbitrary code execution and the theft of sensitive data, the Mobile VRP states that other vulnerabilities “will be taken into consideration if they are shown to have a security impact.”

Examples of non-qualifying discoveries, along with more detailed information about the program, can be found on the Mobile VRP website.

Need a security boost? Check out the best endpoint protection software and best firewalls

Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
11h ago
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
1d ago
Yahoo Sports
Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL
Travis Kelce has reportedly gotten a raise.
4h ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
4d ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
6h ago
Yahoo Sports
NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams
There haven't been many punters drafted in the fourth round or higher like Tory Taylor just was. Chicago's No. 1 overall pick welcomed him in unique fashion.
2d ago
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.
13h ago
Yahoo Sports
Ryan Reynolds and Rob McElhenney, after Wrexham success, purchase stake in Liga MX’s Necaxa
Reynolds and McElhenney are the latest celebrities to invest in Necaxa in recent years.
5h ago
Yahoo Sports
Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'
"I don't think that should happen. It's not OK."
1d ago
Autoblog
Rivian put out a feeler to test buyers' willingness to spend on a new R2
Members of the Rivian subreddit posted details of a survey they received, asking how much they'd be willing to spend on different R2 configurations.
12h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Google wants to pay you for finding security flaws in its biggest Android apps

Android bug bounty program

Recommended Stories

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

NFL Draft grades for all 32 teams | Zero Blitz

NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams

The expanded 12-team College Football Playoff is here — and it already has problems

Ryan Reynolds and Rob McElhenney, after Wrexham success, purchase stake in Liga MX’s Necaxa

Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'

Rivian put out a feeler to test buyers' willingness to spend on a new R2