Google is offering security researchers a $1,000 (£760) bounty if they can successfully hack apps on its Play Store and help fix them.

Bug bounty programmes are a popular way for companies to reward hackers who find vulnerabilities in their software and disclose them to developers so they can be fixed rather than exploited.

The focus on app security comes as Google launches its new Pixel 2 and Pixel 2 XL smartphones, which run on Android.

Google has been criticised for what has been seen as the poor security moderation of its Play Store.

Research by security company Check Point suggested that Google's automated system failed to detect 50 malware apps which were downloaded up to 4.2 million times before being removed.


Malware does not only affect the Play Store, but due to how open the Android operating system is compared to Apple's iOS - which is tightly controlled by its makers in Cupertino, California - it has been detected more often by researchers.

According to Symantec, Apple's tight vetting of apps on its store, as well as Android's much larger market share, may be to blame.

Image: The focus on app security comes as Google launches its new smartphones

Malware apps won't be uncovered by the Play Store bug bounty programme however, which will focus on keeping the most popular apps which opt into it secure.

Based in Mountain View, California, Google has partnered with the popular bug bounty platform HackerOne to reward those who find, disclose, and help fix the most serious security flaws.

Only eight developers have opted into the programme so far, including Tinder, Snapchat, and Dropbox.

Google also runs reward programmes for hackers who find vulnerabilities in its Chrome web browser, which currently offers security researchers $100,000 (£75,900) as its top reward.