Neowin: Google’s bug bounty program for Android can now pay up to $1.5 million for a single exploit. “Google’s Android Security Rewards Program has been around since 2015, and resulted in millions of dollars paid to security researchers who exploit issues on the mobile operating system. Today, the company is expanding the rewards researchers can get, and the most notable addition is a new reward that can be worth as much as $1.5 million.”
TechCrunch: Google to pay security researchers who find Android apps and Chrome extensions misusing user data. “Google said it will pay security researchers who find ‘verifiably and unambiguous evidence’ of data abuse using its platforms. It’s part of the company’s efforts to catch those who misuse user data collected through Android apps or Chrome extensions — and to avoid its own version of a scandal like Cambridge Analytica, which saw millions of Facebook profiles scraped and used to identify undecided voters during the U.S. presidential election in 2016.”
Lifehacker: Earn Thousands of Dollars for Finding Bugs in Facebook’s Libra Cryptocurrency. “While we’re still waiting on a specific release date for Facebook’s upcoming cryptocurrency, Libra, the company is aiming for an early 2020 release. That gives you plenty of time to find bugs in the currency’s infrastructure—a project that could reward you handsomely.”
CNET: Instagram will pay researchers to uncover abuse of users’ personal data. “Instagram will pay a bounty to security researchers who find evidence that third-party apps are misusing your personal data. The program aims to encourage experts outside of Instagram and its parent company Facebook to tackle a major problem the social network faces: apps that scrape user data or try to trick you into sharing passwords and other sensitive information.”
The Register: Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters. “Social code storage biz GitHub, now a ward of Microsoft, on Tuesday divulged plans to make itself more attractive to hackers by flashing larger sums of cash and offering better indemnity.”
Mashable: FaceTime bug teenager is eligible for bug bounty payout. “The rather serious FaceTime bug widely reported about last week left Apple a little red-faced and one 14-year-old (and his mother) hoping Apple would give him some credit for discovering it. Now it looks like he’s going to get a big payout from Apple’s bug bounty program.”
Ubergizmo: Hyatt Hotels Launches Its Own Bug Bounty Program. “It’s common for tech companies to have a bug bounty program. That allows them to tap into the incredible talents of whitehat hackers who disclose vulnerabilities in their systems in exchange for a reward. Hyatt Hotels isn’t a tech company, it’s a major hospitality chain. However, in light of the recent card-skimming attacks against its properties, the hotel chain has launched its own bug bounty program.” Considering how many hotels and hospitality businesses get hacked, I think this is a great idea.