The name of the new bounty program will be "Developer Data Protection Reward Program (DDPRP)». As mentioned above, researchers will be able to report cases in which third parties applications, who have access to the Google API, Android apps (included in the Play Store), and Chrome apps and extensions (available in the Chrome Web Store) are trying to abuse data.
This program aims primarily to detect cases of abuse or sale of their data users without their consent.
A second goal, though, is to reward them researchers who discover and report suspicious activities with sufficient evidence.
Researchers will be able to report such incidents via the DDPRP page on HackerOne, a bug bounty platform, which Google uses to run some of its bounty programs. Google aims to investigate all cases of abuse and suspend all dangerous applications.
According to Google, Investigators that will bring valid data abuse reports will be rewarded with large sums of money (up to 50.000 $).
Following his example Facebook
For example, in April of 2018, after the scandal Cambridge Analytica, Facebook had announced it would offer big rewards to researchers who would discover similar applications that secretly collect and misuse platform user data.
In August, Facebook decided to use the same program to report instances of abuse related to Instagram.
Although Google has not encountered any serious incidents of personal data breach, it has decided to launch this bug bounty program preventively. After all, he manages one huge amount of personal data and is responsible for protecting them. The attacks on cyberspace is a very common phenomenon and the largest companies and businesses have fallen victim to unscrupulous hackers.
An infringement incident, similar to Facebook, could damage the company's reputation.
Also, the Play Store bug bounty program Google will now include any Android app that has over 100 millions of users. Researchers can now report to Google the bugs they detect in these applications. Its manufacturer Android OS will monetize researchers who provide valid bug reports, even if these applications do not have their own bug bounty programs.
How useful was this post?
Average rating / 5. Vote count: