ALSO READGoogle Play Protect for resilience against malicious apps, thefts goes live 800 Google Play Store apps infected by 'Xavier' that leaks user information Now, personalise your music experience with Google's 'New Release Studio' Microsoft releases 'Face Swap' app for Android Google removes over 500 'spying' apps from Play Store
"The Google Play Security Reward Programme recognises the contributions of security researchers who invest their time and effort in helping us make apps on Google Play more secure," the tech giant said on its website late on Thursday.
All Google's apps are included and developers of popular Android apps are invited to opt-in to the programme being run in partnership with HackerOne.
For now, the scope is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.
"This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user's device without user knowledge or permission," Google said.
This is how it works.
Researcher identifies vulnerability within an in-scope app and reports it directly to the app's developer via their current vulnerability disclosure or bug bounty process.
App developer then works with the researcher to resolve the vulnerability.
Once the vulnerability has been resolved, the researcher requests a bonus bounty from the Google Play Security.
"The programme will evaluate each submission based on the vulnerability criteria. A reward of $1,000 will be rewarded for issues that meet this criterion," Google said.
"We are unable to issue rewards to individuals who are on US sanctions lists or who are in countries (Crimea, Cuba, Iran, North Korea, Sudan and Syria)," it added.