U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

New Google bug bounty allows reporting the abuses of Google API, Chrome, and Android user data

Recently, Google announced a new bug bounty program for experts that can report the abuses of Google API, Chrome, and Android user data. Google announced the Developer Data Protection Reward Program (DDPRP), a new bounty program aimed at security experts that discover data abuse issues in popular Android applications, OAuth projects, and Chrome extensions.  Researchers […]

Fragomen data breach

Recently, Google announced a new bug bounty program for experts that can report the abuses of Google API, Chrome, and Android user data.

Google announced the Developer Data Protection Reward Program (DDPRP), a new bounty program aimed at security experts that discover data abuse issues in popular Android applications, OAuth projects, and Chrome extensions. 

Researchers could report cases of data abuse in third-party apps that have access to the Google API, in Android apps listed on the Play Store, and in Chrome apps and extensions listed on the Chrome Web Store.

“It recognizes the contributions of individuals who help report apps that are violating Google Play, Google API, or Google Chrome Web Store Extensions program policies.” reads the announcement published by Google.

“The program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability reward programs. In particular, the program aims to identify situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent.”

The bug bounty program is operated via the HackerOne platform.

Google will analyze every single case reported by the researchers and will offer rewards of up to $50,000 for effective abuses.

“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store.” concludes Google. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed. While no reward table or maximum reward is listed at this time, depending on impact, a single report could net as large as a $50,000 bounty.”

Google also announced it will expand its Play Store bug bounty program to include any Android app in the official store that had over 100 million user installs. In this case, the tech giant will relay the vulnerabilities to app developers and if they will not able to address the issues, Google will remove them from the Play Store.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – bug bounty, Google)

[adrotate banner=”5″]

[adrotate banner=”13″]