Well, bugs are the cyber threat that compromises the security of website or applications. In order to counter these threats, several companies have started a program called Bug Bounty. According to this, any user who reports about bugs to these companies will be rewarded with some sort of prizes and compensation. Now everybody understands that this program is started in order to secure users’ systems from these bug threats. The bug bounty program is started by many famous I.T brands such as Google, Facebook, Microsoft, Yahoo, Mozilla and so on.
Apart from I.T sectors, to secure government information and Data, the government of various nations hires professional hackers who specialize in white hat techniques.
However, today we will deeply analyze the bug bounty program which was earlier started by Google.
Reason behind Bug Bounty Program
As we all know what Google play store is. Still, let me tell you, Google Play is a service, operated by Google. It provides their service as the official app store for Android operating system. Here Android users have permission to download applications.
Millions of apps in the Google Play Store have been infected by bugs which are complained by users.
Before understanding why Google has started the Bug Bounty Program for its play store, first we need to focus on what is the reason behind arising Bug issues in the applications downloaded from Google Play store.
The reason behind this issue is because every app developer has permission to publish his or her app on play store easily. Now Google has taken strict action regarding this. I already mentioned about it in my previous blog. From now developer has to wait for three days to get approval from Google then their app will publish on play store.
Google security standards of granting the approval of publishing are not that as high as compared to its rival Apple. On the other hand Apple always ranks security as its first priority.
So, we rarely see the bug issue in the applications downloaded or available on Apple App stores.
In order to counter this situation, Google has initiated a Google play reward program.
What is Bug Bounty by Google Play?
According to this program, Google rewards to those developers who identify the issues occurring in the applications in the play store.
When this initiative was taken by Google, it was only for the top 8 applications but now it has widened its coverage.
It has taken every app of Google play store who has achieved more than 100 million downloads under its umbrella.
Now, the developers have the opportunity to earn some money by discovering any bug issue in the Google play store apps.
If they are able to track a bug in the app and informed to Google, they can earn reward up to $ 20,000 based on Google play Reward program.
As I mentioned above that Bounty program established was by many firms, but earlier these programs were made for developers only who found security flaws on the firm’s owned program or software.
Although Google Bounty program differs in this aspect, it offers rewards for identifying flaws in the program of different firms as well.
It is a great initiative taken by Google as it allows developers to help many firms and companies in fixing the security flaws arising due to bugs.
Apart from this, Google is also starting its own Developer Data Protection Reward Program to tackle the data related to problems occurring in chrome extensions and android based applications.
In simple words, it means targeting the apps which are leaking user’s data without the permission of the user.
Once you uncover any such problem, you can earn up to $50,000 from the reward program of Google by reporting the issue to it. Besides this, Google will also remove that application from both Play Store and Chrome web store.
Rules of reporting bug issues or security flaws to the Google Play Bounty Program
- –The developers who had made commitment or promise of fixing bugs issues are allowed to take part in the program.
- – Any developers who take part in this program reside with the responsibility of fixing bug issues properly as per deadline.
- – Since Google play security reward program started in collaboration with Hackerone. So, all reports subject to Hacker One’s divulgence rules.
- – In case of copied or duplicate reports only the first report was eligible for being rewarded or granting bounty.
- – Also, keep one thing in mind that Bounties or amount of rewards is not fixed.
- – It can be increased and decreased according to the situations or reports you have submitted.
By going through the above-mentioned points, we can say that Google Bounty program has provided the opportunity for developers to earn additional income. However, Google doesn’t need to take this initiative if they have amended their ways earlier.
Well, I’m talking about the security aspects right from the beginning when they launched Android platform which improved their policies regarding security features. So, just like Apple they also had become trusted and secure platforms.
Unfortunately, due to the profit mentality, they favor quantity over quality. This resulted in arriving on a situation when they had to launch this program. Besides this, Google Bounty program is also helping other firms and companies by revealing the bug issues in their program.
Hopefully you found this article informative and interesting too. We will be back soon with another interesting articles. Till then get in touch with us. Keep reading, keep sharing!!!