Reportedly, Google is ready to pay security researchers who find verifiable and unambiguous proof of data abuse using its platforms.
Sincere efforts were taken by the company to identify users who misuse user data collected through Android apps or Chrome extensions — and to avoid its version of a scandal like Cambridge Analytica, which observed millions of Facebook profiles scraped and used to identify undecided voters during the U.S. presidential election in 2016.
According to the tech giant, anyone who identifies “situations where user data is being used or sold unexpectedly, or repurposed illegitimately without user consent” is eligible for its broad information abuse bug bounty.
“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store,” read a blog post. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed.” The corporate said abuse of its developer APIs would also fall under the scope of the bug bounty.
Google said it isn’t offering a reward table yet but a single report of data misuse could net $50,000 in bounties.
News of the expanded bounty comes in the wake of the DataSpii scandal, which observed browser extensions scrape and share data from millions of users. These Chrome extensions uploaded web addresses and web page titles of every site a user visited, exposing private data like tax returns, patient data, and travel itineraries.
The tech giant was made to step in and suspend the offending Chrome extensions.
Instagram recently expanded its bug bounty to include misused user data following a spate of data incidents.