Google announced the Developer Data Protection Reward Program (DDPRP), a new bounty program aimed at security experts that discover data abuse issues in popular Android applications, OAuth projects, and Chrome extensions.
Researchers could report cases of data abuse in third-party apps that have access to the Google API, in Android apps listed
“It recognizes the contributions of individuals who help report apps that are violating Google Play, Google API, or Google Chrome Web Store Extensions program policies.” reads the announcement published by Google.
“The program aims to reward anyone who can provide
The bug bounty program is operated via the HackerOne platform.
Google will analyze every single case reported by the researchers and will offer rewards of up to $50,000 for effective abuses.
“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store.” concludes Google. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed. While no reward table or maximum reward is listed at this time, depending on impact, a single report could net
Google also announced it will expand its Play Store bug bounty program to include any Android app in the official store that had over 100 million user installs. In this case, the tech giant will relay the vulnerabilities to app developers and if they will not able to address the issues, Google will remove them from the Play Store.