Google mentioned it would pay safety researchers who discover “verifiably and unambiguous evidence” of knowledge abuse utilizing its platforms.
It’s a part of the corporate’s efforts to catch those that misuse person knowledge collected by means of Android apps or Chrome extensions — and to keep away from its personal model of a scandal like Cambridge Analytica, which noticed hundreds of thousands of Fb profiles scraped and used to determine undecided voters in the course of the U.S. presidential election in 2016.
Google mentioned anybody who identifies “situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent” is eligible for its expanded knowledge abuse bug bounty.
“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store,” learn a weblog put up. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed.” The corporate mentioned abuse of its developer APIs would additionally fall underneath the scope of the bug bounty.
Google mentioned it isn’t offering a reward desk but however a single report of knowledge misuse may internet $50,000 in bounties.
Information of the expanded bounty comes within the wake of the DataSpii scandal, which noticed browser extensions scrape and share knowledge from hundreds of thousands of customers. These Chrome extensions uploaded internet addresses and webpage titles of each web site a person visited, exposing delicate knowledge like tax returns, affected person knowledge, and journey itineraries.
Google was pressured to step in and droop the offending Chrome extensions.
Instagram just lately expanded its personal bug bounty to incorporate misused person knowledge following a spate of knowledge incidents,