Google is introducing the Mobile Vulnerability Rewards Program (Mobile VRP) to find and fix vulnerabilities in its Android apps.
Purpose of the program and its scope
The main goal of Mobile VRP is to improve the security and protection of users of Android applications developed and maintained by Google. The program includes applications created by Google LLC, Developed with Google, Research at Google, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC, and Waze.
Apps eligible for rewards
The program's list of eligible applications includes “first-tier applications” for Android such as Google Play Services, AGSA, Google Chrome, Google Cloud, Gmail, and Chrome Remote Desktop.
Types of vulnerabilities and rewards
Mobile VRP rewards security researchers for discovering vulnerabilities that allow arbitrary code execution and theft of sensitive data. Vulnerabilities related to permission errors, file writing, intent redirection, and deferred intent security are also rewarded.
Record payouts and contributions from researchers
Google actively rewards security researchers through VRP programs. Over the past years, the company has paid out millions of dollars for discovering over 15,000 vulnerabilities, including a record $605,000 for an Android exploit chain.
Continuous pursuit of safety
Google continues to invest heavily in Android app security, concludes NIXSolutions. Mobile VRP is one of the initiatives to detect and fix vulnerabilities while protecting users and their data.