Sunday, December 22, 2024

Google Play ends rewards for Android app bug hunters


Security flaws are hiding in most of the apps you use daily, and it’s tough for companies to catch every single one. That is where bug bounty programs come in. They bring in outside experts to help find and fix these issues. The Google Play Security Reward Program (GPSRP) is one such program that pays researchers to track down vulnerabilities in popular Android apps. However, it’s coming to an end later this month.

No more rewards for finding Android app vulnerabilities

According to a recent report, Google has decided to wind down the GPSRP. The company notified participating developers via email that the program will wrap up on August 31. Google explained that the program is ending because there has been a drop in the number of actionable vulnerabilities reported. The company attributes this success to improvements in Android OS security and ongoing efforts to strengthen features.

Back in October 2017, Google kicked off the Google Play Security Reward Program to motivate security researchers to track down and responsibly report flaws in popular Android apps from the Google Play Store.

When the GPSRP first started, it was only available to a handful of developers who could report vulnerabilities affecting a limited set of apps. As time went on, the program broadened its reach to include all apps on Google Play with at least 100 million installs.

The Google Play Security Reward Program had a clear mission: to make the Play Store a safer spot for Android apps. Google took the vulnerability data from the program and used it to build automated scans that checked all apps on Google Play for similar issues. These scans have helped over 300,000 developers fix more than 1,000,000 apps. So, overall, thanks to the GPSRP, fewer risky apps ended up in the hands of Android users.

Google closing this program has its pros and cons. On the bright side, it suggests that major apps have made strides in securing their platforms. Yet it might also diminish the drive for security experts to responsibly report any flaws they find. This could be an issue if those flaws are found in apps by developers who don’t have their own systems for handling bug reports.
