Unclaimed Google Play Store package
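This post describes a Google Play Store package name hijacking case: the original link returns a 404 and the package name is unregistered, so it is at risk of being taken over. The company asked for a proof of concept, which requires actually uploading an app to the store, but the author has not yet created a developer account (which requires a $25 fee). The author is looking for a volunteer with an account to help upload a placeholder app and promises to share 10% of the bug bounty (usually $50-100). 2025-8-8 16:41:11 Author: www.reddit.com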

I came across a broken link hijacking case involving a Google Play Store package. The app link returns a 404, and the package name is currently unclaimed, which means it can potentially be taken over. It’s a valid security issue and could be eligible for a bug bounty, though I'm not 100% sure.

The company asked for a working proof of concept, meaning the package has to actually be claimed and uploaded to the Play Store. I haven’t created a developer account myself yet, since I haven’t needed one except for this case and it requires a $25 fee.

If you already have a developer account, would you be willing to contribute by uploading a simple placeholder app using that package name, just to prove the takeover? If the report gets rewarded, I’ll share 10% of the bounty with you. Usually, these types of reports are rewarded with $50 or $100, so I hope you understand I can’t offer more than 10%.

Let me know if you’re open to it.

Thanks!


Source: https://www.reddit.com/r/netsec/comments/1ml07c1/unclaimed_google_play_store_package/