Security flaws are hiding in most of the apps you use daily, and it’s tough for companies to catch every single one. That is where bug bounty programs come in. They bring in outside experts to help find and fix these issues. The Google Play Security Reward Program (GPSRP) is one such program that pays researchers to track down vulnerabilities in popular Android apps. However, it’s coming to an end later this month.
No more rewards for finding Android app vulnerabilities
According to a recent report, Google has decided to wind down the GPSRP. The company notified participating developers via email that the program will wrap up on August 31.
Google explained that the program is ending because there has been a drop in the number of actionable vulnerabilities reported. The company attributes this success to improvements in Android OS security and ongoing efforts to strengthen features.
We greatly appreciate the security research community that helps keep Android users safe. The Google Play Security Reward Program (GPSRP) was the first program of its type to pay a bonus reward in addition to any applicable developer vulnerability reward programs. Launched to encourage app developers to establish their own security programs, GPSRP has achieved its goal after 7 years. As a result of our advancements in Android security features and OS hardening, we’ve seen fewer actionable vulnerabilities reported to the GPSRP program by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the program.We encourage researchers to work directly with application developers should they discover potential security vulnerabilities.
– a Google spokesperson, August 2024
Back in October 2017, Google kicked off the Google Play Security Reward Program to motivate security researchers to track down and responsibly report flaws in popular Android apps from the Google Play Store.
Recommended Stories
When the GPSRP first started, it was only available to a handful of developers who could report vulnerabilities affecting a limited set of apps. As time went on, the program broadened its reach to include all apps on Google Play with at least 100 million installs.
With the GPSRP developers could earn money by finding security flaws in Android apps. | Image credit – Google
The Google Play Security Reward Program had a clear mission: to make the Play Store a safer spot for Android apps. Google took the vulnerability data from the program and used it to build automated scans that checked all apps on Google Play for similar issues. These scans have helped over 300,000 developers fix more than 1,000,000 apps. So, overall, thanks to the GPSRP, fewer risky apps ended up in the hands of Android users.
Google closing this program has its pros and cons. I mean, on the bright side, it suggests that major apps have made strides in securing their platforms. Yet, it also might diminish the drive for security experts to responsibly report flaws if they find such. This could be an issue if those flaws are found in apps by developers who don’t have their own systems for handling bug reports.
Follow us on social media to catch the latest trending stories, watch exclusive videos, and join the conversation with our vibrant community!
Tsveta, a passionate technology enthusiast and accomplished playwright, combines her love for mobile technologies and writing to explore and reveal the transformative power of tech. From being an early follower of PhoneArena to relying exclusively on her smartphone for photography, she embraces the immense capabilities of compact devices in our daily lives. With a Journalism degree and an explorative spirit, Tsveta not only provides expert insights into the world of gadgets and smartphones but also shares a unique perspective shaped by her diverse interests in travel, culture, and visual storytelling.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: