Google takes a little more responsibility for its Android world, will cough up bounties for mega-popular app bugs

Google is expanding its Android bug-bounty program to cover not just holes in the web giant's apps but also vulnerabilities in third-party software – as long as they have more than 100 million installs. We're told that if an Android application's maker already runs their own bug bounty program, infosec peeps can still claim …

  1. Thicko

    75k in bounties in the last few months alone, spread across 1 million+ apps. Wow, that's lucrative, innit!

  2. IGotOut

    Where do I claim my reward?

    "Google also says it will cough up dosh for reports of bad behavior by apps and their coders: think applications improperly collecting, selling, or otherwise misusing, user and system data."

    I've found a huge set of apps on my phone that by default are set to slurp up and access data, as well as try to access parts of the phone completely unrelated to the application itself.

    It's some dodgy lawless app making company called Google.

  3. Claptrap314 Silver badge

    Obligatory

    "Google also says it will cough up dosh for reports of bad behavior by apps and their coders: think applications improperly collecting, selling, or otherwise misusing, user and system data"

    "that's our job"

  4. mark l 2 Silver badge

    How about Google give financial incentives to phone manufacturers to support Android on their devices for longer and release security updates for at least 2 or 3 years after release rather than the few months you might get now.

    1. Gonzo wizard

      "2 or 3 years after release"

      Or better still, a fixed period after a model is discontinued. Three years from a model being discontinued should be the absolute minimum for a phone whose hardware and battery should last for that length of time. Of course if a manufacturer ensures that their software is good quality and re-used across models then the cost of doing this drops significantly.

      But I'm not holding my breath.

  5. Anonymous Coward

    Why bother?

    We all know that Google will just let the dodgy apps back on its cesspit of a store after the criminal devs remove the offending SDKs anyway.

    From what I've seen it's getting more difficult and time-consuming because the malicious apps have started using encrypted DEX files and running only in memory using virtualization for evasion.

    No longer worth the time and effort just to see the same apps come back to the Play Store.

    I haven't looked but I bet that "Cam Scanner" app will be back on the Play Store soon if it isn't already.

    SMH


Biting the hand that feeds IT © 1998–2019