ZDNet reports that a number of new positions have been added to Google’s job list. Google appears to be recruiting a team of Android security experts who will look for vulnerabilities in critical applications on the Google Play Store.
According to Sebastian Porst, software development manager for Google Play Protect, the products that the new team will focus on include COVID-19 contact tracing apps as well as election-related apps.
“As a Security Engineering Manager in Android Security […] Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers,” says a new Google job listing posted last week.
In fact, Google’s experts will continue the work that independent researchers currently do under the Google Play Security Reward bug bounty program.
Let me remind you that this initiative encourages the search for bugs in third-party applications from the Google Play Store, and Google experts accept bug reports and pay rewards on behalf of the application owners.
At the same time, the existing bug bounty program is limited to applications with more than 100,000 users. However, applications that work with confidential data, as well as those related to critical tasks, do not always meet the conditions of the Google Play Security Reward, which means they are unlikely to be checked by bug hunters.
ZDNet asked Lukáš Štefanko, a mobile malware analyst from the Slovak information security company ESET, to comment on these Google actions.
“Definitely it was a good move. Finding serious security issues is not easy and takes a lot of time and experience,” said Lukáš Štefanko when asked to describe Google’s latest efforts.
According to the expert, having a dedicated team ensures that information security professionals will do their best to find applications that may go unnoticed and may ultimately be exploited by cybercriminals with devastating consequences.
So far, however, it is not clear whether Google plans to close the Google Play Security Reward program completely in this way, or will simply add new features to it.
Let me remind you that a researcher recently earned $10,000 by finding an XSS vulnerability in Google Maps.