Google partners with HackerOne, introduces Play Security Reward Program

To incentivize security research into popular Android apps, the search giant has introduced the Google Play Security Reward Program.

"Through our collaboration with independent bug bounty platform, HackerOne, we'll enable security researchers to submit an eligible vulnerability to participating developers, who are listed in the program rules," Google said in its blog post.

After the vulnerability is addressed, the eligible researcher submits a report to the Play Security Reward Program to receive a monetary reward from Google Play, it said.

To recognize the valuable external contributions that help us keep our users safe online, we maintain reward programs for Google-developed websites and apps, for Chrome and Chrome OS, and for the latest version of Android running on Pixel devices, post added.

These programs have been a success and helped uncover hundreds of vulnerabilities, while also paying out millions of dollars to participating security researchers and research teams.

However, the program is limited to a select number of developers at this time to get initial feedback. Developers can contact their Google Play partner manager to show interest.

All developers will benefit when bugs are discovered because we will scan all apps for them and deliver security recommendations to the developers of any affected apps, the post added.

With the ongoing success of our other reward programs, we invite developers and the research community to work together with us on proactively improving the security of some of the most popular Android apps on Google Play.