Google, one of the leading technology companies, has announced the launch of the Mobile VRP (Vulnerability Rewards Program) to discover vulnerabilities in its applications for the Android operating system. The purpose of the program is to ensure the safety of users and prevent possible attacks on their devices.
Application Test Groups
The Mobile VRP program will conduct research on applications developed and maintained by Google LLC, as well as applications developed in conjunction with Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC, and Waze. All applications were divided into three groups:
Group 1: Core Google Apps
- Google Play Services (com.google.android.gms)
- AGSA (com.google.android.googlequicksearchbox)
- Google Chrome (com.android.chrome)
- Google Cloud (com.google.android.apps.cloudconsole)
- Gmail (com.google.android.gm)
- Chrome Remote Desktop (com.google.chromeremotedesktop)
Group 2: Applications interacting with main applications
The second group includes applications that interact with packages from the first group, process user data and use Google services.
Group 3: Applications not related to company services
The third group includes applications not related to Google services.
Researchers reward
Google offers monetary rewards to researchers for identifying vulnerabilities in their applications, adds NIX Solutions. The amount of reward depends on the group to which the application belongs, with the maximum amount provided for vulnerabilities in applications from the first group. For example, for detecting remote code execution without interacting with the user profile in the application from the first group, the researcher will receive a reward of $30,000. The company is ready to pay up to $7,500 for remote theft of user data.
Google’s Mobile VRP program is an important step in keeping Android app users safe and incentivizing researchers to discover vulnerabilities to help prevent possible threats and attacks on users’ devices.