Google renews its ‘Mobile VRP’ program so that any computer security researcher can earn money by reporting security flaws in all its mobile applications.
It is increasingly dangerous to use services onlineand yet, more and more services of our lives are managed on the Internet. Therefore, it is logical that as a nemesis of the groups and mafias of computer hackers those were born hackers ethics that help us by discovering vulnerabilities in practically all the systems and applications that we use on a daily basis.
In the case of Google, it is clear that their programs bug hunters do they workand that despite the Mountain View giant costs a ton to maintain them (some of the vulnerabilities reported they have even paid up to $70,000), then only in 2022 no fewer than 696 security issues were resolved thanks to hackers ethical that work around the Google-Android ecosystem.
In 2023 the race will not stop, and it is that following the track of computer beepwe already know that he Mobile Vulnerability Bounty Program (‘Mobile VRP’) will extend its validity paying handsome amounts of money to researchers and security experts around the world who detect and report vulnerabilities and bugs in all Android apps of the Californian company.
So announced it on social media of the program ‘Mobile VRP’ the Google:
We are excited to announce the new ‘Mobile VRP’! We are looking for bug hunters to help us find and fix vulnerabilities in our mobile apps.
We are excited to announce the new Mobile VRP! We are looking for bug hunters to help us find and fix vulnerabilities in our mobile apps. https://t.co/HDs1hnGpbH
— Google VRP (Google Bug Hunters) (@GoogleVRP) May 22, 2023
The list of applications that enter the program and will allow income to be hackers ethics is enormous, since there are not only those that appear in the Play Store as developed by Google LLCbut also all others made in your ecosystem or by its subsidiaries: Developed with Google, Google research, Red Hot Labs, google swatches, Fitbit LLC, Nest Laboratories Inc., Waymo LLC and Waze.
Of course, not everything will be equal, but there will be several levels according to which different amounts of money will be distributedbeing the packages that follow those of the first level:
- Google Play Services (com.google.android.gms)
- AGSA ( AGSA )com.google.android.googlequicksearchbox)
- Google Chrome (com.android.chrome)
- Google Cloud (com.google.android.apps.cloudconsole)
- Gmail (com.google.android.gm)
- Chrome Remote Desktop (com.google.chromeremotedesktop)
Additionally, there will also be different types of qualifying rulings, such as those that allow arbitrary code execution and the weaknesses that can be chained with other faults to generate similar impacts, theft of confidential dataorphaned permissions, path crossings leading to file writing, intent redirects that can be exploited to launch components or apps and all kinds of errors caused by unsafe use or pending attempts.
The rewards will go from 750 to 30,000 dollars depending on the type of error detected and the app involved, in order to “recognize the contributions and work of all researchers who help Google improve the security of its applications”.
Since the beginning of the programs ‘Mobile VRP’ the Google and 2010, the Mountain View giant has distributed more than 50 million dollars to thousands of ‘bug hunters’ that have reported more than 15,000 vulnerabilities in these 13 years.
The thing has been growing, well only in 2022 some 12 million dollars were delivered of those 50 million accumulated in 13 years, including the record in a single vulnerability which involved an Android exploit chain of several chained security bugs, for which the researcher was paid no less than the amount of $605,000 Nothing despicable.
If you have notions and you like ‘ethical hacking’, here is one more reason to continue training and researching!