Google pulls the plug on Android apps bug bounty program, here’s why

Google

Google has revealed that it is shutting down its Google Play Security Reward Program (GPSRP), effective August 31, 2024. Launched in 2017, it was a bug bounty program that rewarded security researchers for identifying and reporting vulnerabilities in popular Android apps.

According to a report by Android Authority, Google sent an email to security researchers announcing the termination of the program. Over the years, it has played a crucial role in enhancing the security of the Google Play Store by offering rewards of up to $20,000 for critical vulnerabilities.

As per the report and the email cited, Google said that it is shutting down the program as there has been a significant improvement in security of Android and Play Store. According to Google, these advancements have led to a significant decrease in the number of actionable vulnerabilities reported by researchers.

“As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the GPSRP program,” Google told security researchers in the email.

Google emphasised that all reports submitted before the program’s closure will be reviewed, with final reward decisions made by September 30, 2024. The company reassured researchers that their contributions have been instrumental in making the Play Store a safer environment for users.

The bug bounty program collaborated with top developers and was expanded in 2019 to include all Android apps with over 100 million downloads. The data collected from the program helped Google develop automated checks that scanned apps for similar vulnerabilities, benefiting over 300,000 developers and improving more than a million apps, as per the report.