Now Report a Bug in a Popular Mobile App and Get Paid

Policy

Google Play is working with the independent bug bounty platform, HackerOne, and the developers of popular Android apps to implement the Google Play Security Reward Program. Developers of popular Android apps are invited to opt in to the program, which will incentivize security research in a bug bounty model. The goal of the program is to further improve app security, which will benefit developers, Android users, and the entire Google Play ecosystem. To find out about other Android security initiatives, visit the Android Security Center.

How does it work?

At a high level, the process will look like this:
  • Hacker identifies vulnerability in an in-scope app and reports it directly to the app’s developer via their current vulnerability disclosure process.
  • App developer works with the hacker to resolve the vulnerability.
  • Once the vulnerability has been resolved, the hacker requests a reward from the Google Play Security Reward Program.
  • Android Security team issues an additional reward to the hacker to thank them for improving security within the Google Play ecosystem.

Program Rules


  • All vulnerabilities must always be reported directly to the app developer first. This program is only for requesting bonus bounties after the original vulnerability was resolved with the app developer.
  • Only developers who have expressed a commitment to fixing bugs which are disclosed to them have been invited to the program. It is the responsibility of each developer to respond and fix bugs in a timely manner.
  • Follow HackerOne's disclosure guidelines.
  • Please provide detailed reports with the requested information in the submit report form. Reports not containing the required information and that do not meet the criteria for this program will not be eligible for a reward.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue reported to the same developer will be awarded one reward.
  • We aim to be fair; all reward amounts are at our discretion.

Report Bugs

One of the easiest and most effective ways you can help improve Android is to file bugs. For more information, visit the Reporting Bugs page.
Please note that we can't guarantee that any particular bug will be fixed in any particular release. To see what happens to your bug once you report it, read Life of a Bug.
Source 1: https://hackerone.com/googleplay
Source 2: https://source.android.com/source/contributing