The company announced the details of its Mobile Vulnerability Reward Program (VRP) on Twitter. The purpose of the program is to keep user data more secure, find and eliminate security vulnerabilities in first-party Android applications. Google offers the opportunity to pay people who find bugs with a program it offers to those who want to test their knowledge in this way. Rewards range from $500 to $30,000 depending on the level of violation.
Within the scope of the Mobile Vulnerability Reward Program (VRP) provided by Google; Google Play services include AGSA, Google Chrome, Google Cloud, Gmail and Chrome Remote Desktop. Applications will be evaluated on a first come, first served basis.
In addition, apps made by developers are also rated. These applications are; Google LLC; It was developed with Google, Google Research, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc., Waymo LLC, and Waze. The amounts paid by the company for the errors found are divided into stages. Based on this; "Tier 3" applications where the attacker is on the same network are paid $500 for sensitive data theft or other security vulnerabilities. This amount is determined as the minimum amount that the company will pay.
According to a company publication, arbitrary remote code execution offers the best prize. According to the statement, Google pays 30 thousand dollars for level 1; It gives $25,000 for level 2 and $20,000 for level 3.
Also, depending on the initiative of the company, people can get a bonus of $ 1000.