Google is ending its Android app store bug bounty program
The Google Play Security Reward Program will end soon
Google has announced it will be ending its Google Play Security Reward Program, a bug bounty initiative which allowed researchers and developers to identify and resolve vulnerabilities in popular Android apps for nearly seven years.
Launched in October 2017, the program attracted security researchers to discover and disclose flaws found in apps distributed through the Google Play Store.
Despite the program’s success, Google has decided to wind down the program owing to a decrease in the number of reported actionable vulnerabilities.
Google Play Security Reward Program
Initially, the program focused on a select group of developers and apps, offering rewards of up to $5,000 for the most critical vulnerabilities like remote code execution. Eventually, in 2019, the scope widened to include all apps distributed on the platform with over 100 million downloads, with payouts reaching $20,000.
In an email seen by Android Authority, the Android Security Team wrote: “As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community.”
The email goes on to confirm that the program will end on August 31 2024, and reports submitted up until then will be triaged by September 15. Reward decisions will be made by September 30 upon the official discontinuation of the program.
Moreover, Google blocked 2.28 million privacy-violating apps and banned 333,000 malicious developer accounts last financial year, alongside other Play Store improvements.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
However, with the termination of the Google Play Security Reward Program, researchers could be less motivated to report issues, potentially leaving some apps more exposed, raising concerns about future vulnerabilities and the platform’s security.
More from TechRadar Pro
- Check out our roundup of the best malware removal tools around
- Google reveals major increase in bug bounty rewards — so get hunting
- Need a more up-to-date handset? Here are the best business smartphones
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!