Google has announced it will be ending its Google Play Security Reward Program, a bug bounty initiative which allowed researchers and developers to identify and resolve vulnerabilities in popular Android apps for nearly seven years.
Launched in October 2017, the program attracted security researchers to discover and disclose flaws found in apps distributed through the Google Play Store.
Despite the program’s success, Google has decided to wind down the program owing to a decrease in the number of reported actionable vulnerabilities.
Google Play Security Reward Program
Initially, the program focused on a select group of developers and apps, offering rewards of up to $5,000 for the most critical vulnerabilities like remote code execution. Eventually, in 2019, the scope widened to include all apps distributed on the platform with over 100 million downloads, with payouts reaching $20,000.
In an email seen by Android Authority, the Android Security Team wrote: “As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community.”
The email goes on to confirm that the program will end on August 31 2024, and reports submitted up until then will be triaged by September 15. Reward decisions will be made by September 30 upon the official discontinuation of the program.
Moreover, Google blocked 2.28 million privacy-violating apps and banned 333,000 malicious developer accounts last financial year, alongside other Play Store improvements.
However, with the termination of the Google Play Security Reward Program, researchers could be less motivated to report issues, potentially leaving some apps more exposed, raising concerns about future vulnerabilities and the platform’s security.
More from TechRadar Pro
- Check out our roundup of the best malware removal tools around
- Google reveals major increase in bug bounty rewards — so get hunting
- Need a more up-to-date handset? Here are the best business smartphones