$50,000 up for grabs for reporting data abuse in Play store

Google today announced the launch of the Developer Data Protection Reward Program, a bounty program that will help Google identify and mitigate data abuse issues in Android apps, OAuth projects, and Chrome extensions. You can get rewarded if you provide evidence of data abuse, with rewards of up to $50,000.

For example, you can report a Google Play app if it has access to the SMS permission group and shares that data with a third party for advertising purposes. You can also report an app if it accesses the user’s inventory of installed apps and doesn’t treat this data as sensitive data subject to the Privacy Policy requirements.

Examples of violations include:

  • An app providing travel services, using or transferring user data unrelated to travel.
  • An app transferring user data to affiliates to help develop new products.
  • An app using or sharing user data for the purpose of targeting that user with advertisements.
  • An app developer allowing employees to read user data without the user’s permission.
  • An extension that has no interactive UI elements exposed to the user, but collects web browsing activity in the background for another purpose, including providing rewards to the user.
  • Any extension that publicly discloses authentication, payment, or financial information (for example, sending this data over HTTP).
  • An extension whose sole marketed purpose is to add themes to popular social media sites, but also anonymously scrapes the number of friends a user has, for sale or research purposes, and does not have a prominent disclosure to its users.
  • An app that accesses a user’s phone or contact book data and doesn’t treat this data as personal or sensitive data subject to the Privacy Policy, Secure Transmission, and Prominent Disclosure requirements. (E.g. metadata around who you’ve called or texted, timestamps of these communications, etc.)
  • Using contact data without user permission for another service unrelated to the original app (e.g. requesting contact information, then reusing it for a separate business or application unrelated to the original app).

Learn more about this program here.
