Google wants to pay you for finding security flaws in its biggest Android apps
You could earn up to $30k by finding Android bugs
Google has announced a new Android bug bounty program offering rewards in the tens of thousands for those looking to try out their expertise.
The new Mobile Vulnerability Reward Program (VRP) was announced on Twitter, where the company noted, “We are excited to announce the new Mobile VRP! We are looking for bughunters to help us find and fix vulnerabilities in our mobile applications.”
According to the program summary, first-party Android apps are the key focus of this Mobile VRP, with the aim of finding and eliminating vulnerabilities to keep users’ data safe.
Android bug bounty program
Tier 1 applications are considered in scope for the program, comprising Google Play Services, AGSA, Google Chrome, Google Cloud, Gmail, and Chrome Remote Desktop.
Beyond the above Tier 1 apps, the program also considers apps made by the following developers: Google LLC, Developed with Google, Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc., Waymo LLC, Waze.
Rewards start at $500, which applies to the theft of sensitive data or other vulnerabilities in Tier 3 applications where the attacker is on the same network. Remote arbitrary code execution offers the most lucrative reward, with payouts of $30,000, $25,000, and $20,000 for Tiers 1, 2, and 3 respectively.
Additionally, the program’s panel has been authorized to award discretionary $1,000 bonuses for various reasons, like “for a particularly surprising vulnerability, or an exceptional writeup.”
As well as arbitrary code execution and the theft of sensitive data, the Mobile VRP states that other vulnerabilities “will be taken into consideration if they are shown to have a security impact.”
Examples of non-qualifying discoveries, along with more detailed information about the program, can be found on the Mobile VRP website.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!