If the Google Play Security Reward Programme doesn't seem like a typical bug bounty programme, that's because it isn't.
Yes, hackers will be on the hunt for vulnerabilities. And, yes, they'll reap rewards for finding them. But the Google Play Security Reward Programme represents the first time top Android app developers are being asked establish public-facing vulnerability disclosure programmes on the HackerOne platform…with Google Play picking up the tab for bonus bounties of US$ 1,000 (£762) for any vulnerability that qualifies.
“The goal of the programme is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem,” according to a HackerOne post.
Already, a number of apps are included in the programme. But the programme isn't confined to third-party apps – Google will include first-party apps in the initiative as well.
As the Android ecosystem evolves, we continue to invest in leading-edge ideas to strengthen security,” Vineet Buch, director of product management at Google Play, said in a statement. “Our goal is continue to make Android a safe computing platform by encouraging our app developers and hackers to work together to resolve unknown vulnerabilities, we are one step closer to that goal.”