D0 IT ALL BUSINESS Google is bringing out a bug bounty program that will flag up and fix buggy or troublesome applications while also awarding the person who discovered it.
The program is managed by HackerOne, which often does this kind of thing. We thought that Google would have a pretty comprehensive list of coverage by now, but we did also hear this week about a new bot that was piggybacking on Minecraft mods to mine cryptocurrencies from all the way inside the Play Store.
"Google Play is working with the independent bug bounty platform, HackerOne, and the developers of popular Android apps to implement the Google Play Security Reward Program. Developers of popular Android apps are invited to opt-in to the program, which will incentivize security research in a bug bounty model," says HackerOne.
"The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem."
Not all apps are to be created equal and not all get the big critical vulnerability awards. Tinder and Dropbox do, if they mean anything to you, as does SnapChat.
On the money front, there is not a lot to play around with, but it is still not to sniffed at.
"The Play Security Rewards Program will evaluate each submission based on the above Vulnerability Criteria and reward accordingly," says HackerOne.
"A reward of $1000 will be rewarded for issues that meet these criteria. Any and all reward decisions are ultimately at the discretion of the Google Play Security Rewards Program."
This is low when you consider what kinds of bounties are handed out elsewhere, but perhaps Google is half hoping that the developers have made their best efforts at their ends.
The sort of problems that concern Google includes ones that enable phishing attacks, and full control from an outsider. Which no-one wants. µ
This column could make you very poor
Firm beats out rival bids from Motorola and Sepura
Battery will help stock blackouts in South Australia
The early bird catches the spud. Perhaps she was a potato clock?