Let’s face the music. Technology companies copy each other all the time. That’s what patent lawsuits tell us. There are some areas where intellectual property is not invaded, though, and those are processes and procedures. Oh, and design.
After all, Google copied almost everything about Apple’s original iPhone that could be copied, right? In this case, Google has something on Android that Apple needs to have for iPhone, too.
A bounty program. Specifically, a bug bounty program on the most popular applications Apple sells on the iPhone App Store. Yes, both Google and Apple already have a bug bounty program, but this one helps out popular app developers, too.
Those are the ones where Apple gets richest.
Catalin Cimpanu explains what Google does.
Google expanded its bug bounty program today to include any Android app listed on the Play Store that has more than 100 million user installs.
Apple needs to do exactly the same thing.
Now, that 100-million number may sound like a large number, but it’s not. Many apps on Apple’s iPhone App Store get similar download numbers, including Apple’s own apps: Safari, Mail, Calendar, FaceTime, Messages, etc.
Security researchers can report vulnerabilities in these apps to Google, and the Android OS maker will provide monetary rewards for valid bug reports.
Why is this such a good idea?
Writing software in a vacuum is difficult. Bugs are a part of the business, yes, but so is tracking down bugs and squashing them, and that requires more eyes on the prize.
No, not just users, but hackers and researchers who know there is money in finding and divulging bugs. Google’s process is commendable for one very big reason.
Google will triage all bug reports via its Google Play Security Reward Program (GPSRP) on the HackerOne platform, and then relay the vulnerabilities to app developers. If apps fail to address the bugs, Google will remove them from the Play Store.
That last sentence is the killer, and it is likely to help prune the Google Play Store of much of what is called abandonware: apps that still exist but are rife with bugs and in need of an upgrade.
This is a good idea and Apple should adopt something similar.
App developers such as Facebook, Microsoft, or Twitter, which have their private bug bounty programs, are not excluded.
Uh oh. Tough love.