Updated News Around the World

Google: Google rolls out bug bounty program for its Android apps: All the details – Times of India

Google has launched a new bug bounty program for its Android apps. Under the Mobile Vulnerability Rewards Program (Mobile VRP), the tech giant will pay security researchers for flaws found in first-party apps. The official Twitter account of Google VRP has also shared a post announcing the latest bug bounty program. “We are excited to announce the new Mobile VRP! We are looking for bughunters to help us find and fix vulnerabilities in our mobile applications,” the tweet reads.
The post also includes a link to the page that includes the rules of the Google Mobile VRP. In this blog post, the company has mentioned that the main goal behind the Mobile VRP is to speed up the process of finding and fixing weaknesses in first-party Android apps. This includes apps that are primarily developed or maintained by Google.
Apps that fall under Google Mobile VRP
The apps that come under Google’s Mobile VRP are developed by Google LLC or are developed with Google. It also includes apps that are researched at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC, and Waze.
Google has also divided the apps in three tiers. Tier 1 Android apps include apps like — Google Play Services, AGSA, Google Chrome, Google Cloud, Gmail and Chrome Remote Desktop.
The company has also detailed the vulnerabilities that will qualify for the bug bounty program. It includes flaws that allows arbitrary code execution (ACE) and theft of sensitive data. The admissible security flaws also include weaknesses that could be chained with other vulnerabilities that can lead to a similar impact.

Google has confirmed that it will reward a maximum of $30,000 for bugs that allow remote code execution without user interaction and up to $7,500 for flaws that allow hackers to steal sensitive data remotely.

Category 1) Remote/No User Interaction 2) User must follow a link that exploits the vulnerable app 3) User must install malicious app or victim app is configured in a non-default way 4) Attacker must be on the same network (e.g. MiTM)
Arbitrary Code Execution $30,000 $15,000 $4,500 $2,250
Theft of Sensitive Data $7,500 $4,500 $2,250 $750
Other Vulnerabilities $7,500 $4,500 $2,250 $750

“The Mobile VRP recognises the contributions and hard work of researchers who help Google improve the security posture of our first-party Android applications. The goal of the program is to mitigate vulnerabilities in first-party Android applications, and thus keep users and their data safe.” Google noted.

function loadGtagEvents(isGoogleCampaignActive) { if (!isGoogleCampaignActive) { return; } var id = document.getElementById('toi-plus-google-campaign'); if (id) { return; } (function(f, b, e, v, n, t, s) { t = b.createElement(e); t.async = !0; t.defer = !0; t.src = v; t.id = 'toi-plus-google-campaign'; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s); })(f, b, e, 'https://www.googletagmanager.com/gtag/js?id=AW-877820074', n, t, s); };

window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.