Google is grappling with the outbreak of data-abusive apps on its platforms, with instances like the Cambridge Analytica scandal, which affected the Facebook app, whereby users data were sold purposely, albeit illegitimately without the users consent.
The company in a bid to contain the situation has announced the expansion of it's vulnerability reward program, which includes: the Developer Data Protection Reward Program (DDPRP), and the Verifiably & Unambiguous Evidence of data abuse in Android apps and Chrome extensions; also now extended to the OAuth projects.
It has also expanded the scope of the Google Play Security Rewards Program (GPSRP) to include all apps on Google Play Store with over 100 million installs, and offering help to affected developers in fixing such vulnerabilities through responsive disclosures.
Getting Bounty by Finding Data-Abusive Chrome & Android Apps
Whenever a developer reports a data abuse related to any Android app or Chrome extension, which app or extension will be liable for removal from the Play Store or Chrome Web Store; though no reward table is listed at the moment, but depending on the severity of impact, it could net as much as $50,000 for a bounty reward.
The reward is aimed for just anyone who is able to provide a verifiable and unambiguous evidence of data abuse, which measures will help Google to thwart malicious apps and Chrome extensions that abuse users' data on its platforms, and also beef up security on the Play Store.
The program will open door for researchers to help in identifying and fixing vulnerabilities in apps, and if any developer succeeds in pinpointing an abuse on its own apps, will also receive rewards directly from Google. That will encourage more app developers to start checking their own apps, and to disclose possible vulnerability or bug; which validates the bounty program's working directly with the developer community.