Google takes a little more responsibility for its Android world, will cough up bounties for mega-popular app bugs Google is expanding its Android bug-bounty program to cover not just holes in the web giant's apps but also vulnerabilities in third-party software – as long as they have more than 100 million installs. We're told that if an Android application's maker already runs their own bug bounty program, infosec peeps can still claim …
"Google also says it will cough up dosh for reports of bad behavior by apps and their coders: think applications improperly collecting, selling, or otherwise misusing, user and system data."
I've found a huge set of apps on my phone that by default are set to slurp up and access data , as well as try to access parts of the phone completely unrelated to the application itself.
It's some dodgy lawless app making company called Google.
Or better still, a fixed period after a model is discontinued. Three years from a model being discontinued should be the absolute minimum for a phone who's hardware and battery should last for that length of time. Of course if a manufacturer ensures that their software is good quality and re-used across models then the cost of doing this drops significantly.
But I'm not holding my breath.
We all know that Google will just let the dodgy apps back on it's cesspit of a store after the criminal devs remove the offending SDK's anyway.
From what I've seen it's getting more difficult and time consuming because the malicious apps have started using encrypted DEX files and running only in memory using virtualization for evasion.
No longer worth the time and effort just to see the same apps come back to the Play Store.
I haven't looked but I bet that "Cam Scanner" app will be back on the Play Store soon if it isn't already.
SMH
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
