Google recently announced the launch of its new Developer Data Protection Reward Program (DDPRP) and the expansion of Google Play Security Reward Program (GPSRP), which are intended to detect and mitigate data abuse issues in Chrome plugins, Android apps, and OAuth projects. Google started its vulnerability rewards program in 2010, which offers cash rewards to security researchers who report flaws in Google code.
The search engine giant stated that it’s joining hands with bug bounty platform HackerOne to launch the new bug bounty program. According to Google, bug hunters are required to identify situations like – selling user’s data or illegitimate use of it. The bug reporters will be rewarded with a maximum bounty worth US$ 50,000.
“We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength of open platforms and ecosystems, and that the best ideas don’t always come from within. It is for this reason that we offer a broad range of vulnerability reward programs, encouraging the community to help us improve security for everyone,” Google said in a statement.
Google recently raised bounties for Chrome and Google Play bugs, making them more lucrative to security researchers. The company stated that they’ve received around 8,500 vulnerability reports and paid rewards over US$ 5 million (£4 million).
According to Google’s Chrome security experts Natasha Pabrai and Andrew Whalley, the company has doubled the maximum reward on High-Quality Reports from US$15,000 (£12,000) to US$30,000 (£24,000) and tripled the baseline reward amount from US$5000 (£4 million) to US$15,000 (£12,000) for good measure.