top | item 41317986

will5421 | 1 year ago

Seems reasonable. App authors would’ve been “discovering” vulnerabilities in their own apps and asking Google to pay for them.

UncleMeat|1 year ago

The program was operated through HackerOne (at least the last time I looked at this thing back in like 2018), which does the basic due diligence to address things like this.

joemazerino|1 year ago

There's an app download requirement to prevent this.

ainiriand|1 year ago

Unfortunately it does not work that way. They are meant to be vulnerabilities exploiting Android through the app, not backdoors in the app. It is meant to secure the Android OS, not to secure the app.

a_dabbler|1 year ago

There's a separate program for bugs in the Android OS; this program did pay for finding bugs in the app to secure the app. Also, the mitigation for people abusing the program is that they only pay for bugs in popular apps; it's unlikely for a major app dev to be backdooring their code just to try and scam this bounty program.

paxys|1 year ago

Bug bounty programs for Android still exist. This one was specifically about finding vulnerabilities in apps themselves.