Google today announced that it will reward security researchers who find «Verifiable and unequivocal evidence» of Chrome applications or extensions misusing user data
This announcement is part of the company's efforts to identify those actors who misuse user data collected through Android applications or Chrome extensions.
Google said anyone who identifies «Situations in which user data is being used or sold unexpectedly, or is being reused illegitimately without the user's consent» is Candidate to receive a reward for identifying misuse of data.
«If an improper use of data related to a Chrome application or extension is detected, that application or extension will be removed from Google Play or the Google Chrome web store», says the blog post. "In the event that an application developer misuses access to restricted Gmail scopes, his API access will be removed."
The company said that abuse of its developer APIs also fall under the scope of the reward for misuse of data.
Google said it still does not have a bounty table ready, but that A single report on the misuse of the data could have a reward of $ 50,000 associated.
The news of the extension of the reward comes after the scandal various extensions of browsers that collected and shared data from millions of users. These Chrome extensions sent the web addresses and titles of the web pages visited by each user, confidential data such as tax returns, patient data and travel itineraries.