Google Play discontinues rewards for Android app bug hunters
What's the story
Google has announced the termination of its Google Play Security Reward Program (GPSRP), effective from August 31. The initiative, launched in October 2017, was designed to encourage security researchers to identify and report vulnerabilities in popular Android apps. Initially, the program was open only to a select group of developers who could report issues, affecting a specific range of apps.
Program evolution
GPSRP's expansion and impact
Over time, the GPSRP expanded to include all apps on Google Play with a minimum of 100 million installs. The primary objective of this program was to enhance the safety of the Play Store for Android apps. Google utilized data from this initiative to develop automated scans that checked all apps on Google Play for similar vulnerabilities.
Program impact
GPSRP's contribution to app security improvement
The automated scans developed from GPSRP data have assisted over 300,000 developers in rectifying more than one million apps. As a result of this program, fewer risky apps have found their way into the hands of Android users. However, Google has decided to discontinue the program due to a decrease in the number of actionable vulnerabilities reported.
Security enhancement
Google attributes program's end to improved Android security
Google attributes the decline in reported vulnerabilities to advancements in Android security and ongoing efforts to fortify features. The termination of this program could have both positive and negative implications. On one hand, it indicates that major apps have made significant progress in securing their platforms. On the other hand, it may lower the incentive for security experts to responsibly report flaws they discover.