75k in bounties in the last few months alone, spread across 1 million+ apps. Wow that's lucrative init!
Google takes a little more responsibility for its Android world, will cough up bounties for mega-popular app bugs
Google is expanding its Android bug-bounty program to cover not just holes in the web giant's apps but also vulnerabilities in third-party software – as long as they have more than 100 million installs. We're told that if an Android application's maker already runs their own bug bounty program, infosec peeps can still claim …
Friday 30th August 2019 01:39 GMT IGotOut
Where do I claim my reward?
"Google also says it will cough up dosh for reports of bad behavior by apps and their coders: think applications improperly collecting, selling, or otherwise misusing, user and system data."
I've found a huge set of apps on my phone that by default are set to slurp up and access data , as well as try to access parts of the phone completely unrelated to the application itself.
It's some dodgy lawless app making company called Google.
Friday 30th August 2019 09:44 GMT mark l 2
Friday 30th August 2019 14:22 GMT Gonzo wizard
"2 or 3 years after release"
Or better still, a fixed period after a model is discontinued. Three years from a model being discontinued should be the absolute minimum for a phone who's hardware and battery should last for that length of time. Of course if a manufacturer ensures that their software is good quality and re-used across models then the cost of doing this drops significantly.
But I'm not holding my breath.
Saturday 31st August 2019 03:27 GMT Anonymous Coward
We all know that Google will just let the dodgy apps back on it's cesspit of a store after the criminal devs remove the offending SDK's anyway.
From what I've seen it's getting more difficult and time consuming because the malicious apps have started using encrypted DEX files and running only in memory using virtualization for evasion.
No longer worth the time and effort just to see the same apps come back to the Play Store.
I haven't looked but I bet that "Cam Scanner" app will be back on the Play Store soon if it isn't already.