bug bounty Archives

Winsage

December 7, 2024

Microsoft Expands Access to Windows Recall AI Feature

Microsoft has expanded its Windows Recall feature to Copilot+ PCs with AMD and Intel chipsets, following its initial availability on Snapdragon devices. The feature is currently in a preview stage for Windows Insiders and allows users to capture and revisit specific snapshots of their work. Microsoft has implemented privacy and security measures, including data encryption, turning Recall off by default, and requiring Windows Hello biometrics for recording sessions. Recall is also part of Microsoft's bug bounty program to address security vulnerabilities. The rollout was delayed from June to October and then to November before being launched in a limited capacity.

Winsage

December 6, 2024

Previewing More Copilot+ Experiences with Windows Insiders in the Dev Channel

Windows 11 Insider Preview Build 26120.2510 (KB5048780) has been released to the Dev Channel, introducing new features for AMD and Intel®-powered Copilot+ PCs, including the Recall feature and an expansion of Click to Do (Preview). To join the Dev Channel, users must register for the Windows Insider Program, link their Microsoft account, select the Dev Channel, and check for updates. The Recall feature allows users to find apps, websites, images, or documents by describing their content and includes timeline control for revisiting past activities. The Cocreator feature in Microsoft Paint enables AI-assisted artwork generation from text prompts. The Photos app has been updated with Image Creator and Restyle Image features for generating new images and applying artistic styles to existing photos, respectively. Click to Do has been enhanced with new activation methods and intelligent text actions, allowing users to summarize or rewrite text. Additional changes include a modernized Windows Hello experience, improvements to the system tray, and various fixes for audio and application stability. Known issues include problems with Recall and Click to Do functionalities, which will be addressed in future updates. The Microsoft Store now supports direct updates for Win32 apps.

Winsage

November 28, 2024

Microsoft Releases Recall in Windows Insider Preview

Microsoft has released a first-look preview of its revamped Windows Recall feature for Windows Insiders via the Dev Channel, specifically for users with Qualcomm Snapdragon X Elite and Plus Copilot+ PCs, through Windows 11 Insider Preview Build 26120.2415 (KB5046723). Recall allows users to take "snapshots" of their PC activities, retrieving application actions, websites visited, or documents accessed. It uses optical character recognition (OCR) to extract text from screenshots, storing images and text in a searchable database. Recall includes a built-in neural processing unit for local AI and machine learning tasks, ensuring user data is not stored in the cloud. To enhance privacy and security, users must opt in to save snapshots, and the system requires BitLocker disk encryption, Secure Boot, and Windows Hello for reauthentication. Users can delete snapshots and opt out of using Recall for specific applications. IT administrators will manage Recall for enterprise and educational users. The preview allows users to provide feedback on Recall and its security framework through the Feedback Hub and Windows Insider Preview Bug Bounty Program. Microsoft has not announced a timeline for the general release of Recall.

Winsage

November 23, 2024

Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel

Windows 11 Insider Preview Build 26120.2415 (KB5046723) has been released to the Dev Channel, introducing features like Recall (Preview) and Click to Do (Preview) for Snapdragon-powered Copilot+ PCs. Users can join the Dev Channel by registering for the Windows Insider Program and selecting the Dev Channel in the settings. Recall allows users to search for previously interacted items on their PC using AI, requiring Windows Hello for authentication and enabling BitLocker and Secure Boot. Users can manage saved snapshots, delete unwanted ones, and ensure their data remains private. Recall detects sensitive information and does not save such snapshots. Click to Do integrates with Recall to enhance productivity by offering actions for recognized text and images within snapshots. This feature is also currently exclusive to Snapdragon-powered Copilot+ PCs. The update includes various improvements and fixes across Windows 11 PCs, such as enhancements to Windows Hello, Narrator, and speech functionalities. Known issues with Recall and Click to Do will be addressed in future updates.

AppWizard

August 22, 2024

Google to wind down app store bug bounty

Google is winding down its bug bounty program, the Google Play Security Reward Program (GPSRP), due to a decline in reported vulnerabilities attributed to improvements in Android security. The program, launched in 2017, aimed to incentivize the discovery of vulnerabilities in apps on the Google Play Store, which has seen over 113 billion downloads in 2023. The GPSRP will officially conclude on August 31, with vulnerability reports submitted before this date evaluated by September 15 and final reward decisions communicated by September 30. Some security researchers express concern that the program's closure may overlook ongoing security risks, while others suggest that companies on the Google platform could establish their own bounty programs.

AppWizard

August 21, 2024

Google Play Store’s Bug Bounty Program to End on August 31

Google's bug bounty program for Android apps, the Google Play Security Reward Program (GPSRP), will conclude on August 31, 2024. Launched in 2017, the program incentivized researchers to find security vulnerabilities in popular Android applications, initially targeting select developers with rewards up to ,000 for critical issues. In 2019, it expanded to all apps with over 100 million downloads, increasing potential payouts to 0,000. The decision to end the program is due to a decline in actionable vulnerabilities reported, attributed to improvements in Android OS security. Google will continue investing in other security initiatives, such as the Android Vulnerability Rewards Program (AVRP). Researchers are encouraged to submit findings before the program ends, with reports due by September 15 and final decisions by September 30.

AppWizard

August 20, 2024

Google is ending its Android app store bug bounty program

Google will conclude the Google Play Security Reward Program on August 31, 2024, after nearly seven years of operation since its launch in October 2017. The decision to end the program is attributed to improvements in the security of the Android operating system and a decrease in actionable vulnerabilities reported by researchers. Reports submitted before the conclusion date will be triaged by September 15, with reward decisions finalized by September 30. In the previous financial year, Google blocked 2.28 million privacy-violating applications and banned 333,000 malicious developer accounts. The termination of the program raises concerns about the potential decrease in motivation for researchers to report vulnerabilities, which could lead to increased future vulnerabilities on the platform.

AppWizard

August 19, 2024

Google won’t pay you to find security flaws in its most popular app

Google is terminating the Google Play Security Reward Program (GPSRP) on August 31st, 2024, due to a decrease in reported vulnerabilities. The program, which began in October 2017, incentivized external security researchers to identify vulnerabilities in Android applications on the Google Play Store. It initially focused on a limited number of apps but later expanded to include apps from major companies like Amazon, Snapchat, Tesla, and TikTok. Despite the program's success in improving security, Google believes its existing protocols are sufficient, leading to the decision to end financial rewards for vulnerability reports. Security researchers can still participate in the Vulnerability Rewards Program, which has been expanded to include Generative Artificial Intelligence platforms.

AppWizard

August 19, 2024

Google Play will no longer pay to discover vulnerabilities in popular Android apps

Google is winding down the Google Play Security Reward Program (GPSRP), effective August 31st, due to a decrease in actionable vulnerabilities reported by the security research community. The program, launched in late 2017, incentivized researchers to disclose vulnerabilities in popular Android applications, initially focusing on a limited number of developers and later expanding to all apps on the Google Play Store with at least 100 million installations. Maximum rewards were increased over time, reaching up to 0,000 for remote code execution vulnerabilities. The program contributed to enhanced security on the Play Store, helping over 300,000 developers fix more than one million apps by 2019. Google cited overall improvements in the security landscape of Android as the reason for discontinuing the program. Reports submitted before the end date will be triaged by September 15th, with final reward decisions made by September 30th.