Skip to main content

Google launched a new bug bounty program to root out vulnerabilities in third-party apps on Google Play

Google launched a new bug bounty program to root out vulnerabilities in third-party apps on Google Play

/

Google will dole out $1000 for issues that meet its criteria

Share this story

Image: Ryne Hager

Google is introducing a new program to help root out vulnerabilities in third-party apps in its Google Play storefront. The Google Play Security Reward Program will pay researchers who discover problems in popular Android apps found in the store.

Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying thousands of dollars for vulnerabilities. Developers of popular apps are invited to opt-in to the program to “proactively [improve] the security of some of the most popular Android apps on Google Play.”

The company is collaborating with vulnerability coordination and bug bounty platform HackerOne. Developers are only able to participate if they’re willing to respond to and fix the bugs in a timely manner, must follow HackerOne’s disclosure guidelines and provide detailed reports. Presently, Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder are eligible for rewards, but Google says that this list will expand with time.

According to HackerOne, hackers will identify app vulnerabilities and report it to the developer, and both work out a resolution within 90 days. The hacker then requests a reward from the program. Once it’s evaluated and found to meet Google’s criteria, the finder will be awarded $1000.

Today’s Storystream

Feed refreshed Sep 24 Not just you

E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.


A
Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.


A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.


A
External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.


A
External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.