Google won’t pay for vulnerabilities discovered in Play Store Android apps

Google has decided it won’t pay for vulnerabilities discovered within Play Store apps and games. The search giant is essentially shuttering its bug bounty program.

Google won’t pay for vulnerabilities as it is winding down Play Security Reward Program

Google launched the Google Play Security Reward Program (GPSRP) back in October 2017. It is essentially a bug bounty program. Several companies seek help from external individuals and agencies to spot vulnerabilities and loopholes in software, and Google is no exception.

Google successfully incentivized security researchers to find and disclose vulnerabilities. The GPSRP, in particular, was intended for Android apps distributed through the Google Play Store.

It is interesting to note that Google initially limited GPSRP to a select number of developers. They were to submit eligible vulnerabilities affecting a small number of applications. Moreover, only a few app developers had their products scrutinized.

Google eventually scaled the bug bounty program to include several apps from Amazon, Snapchat, Tesla, TikTok, and more. However, the search giant has reportedly decided to wind down the program. As a result, security researchers won’t get monetary rewards.

Will Android apps now be exposed to undiscovered security risks?

Google will stop paying for security vulnerabilities in Play Store apps. However, that doesn’t mean Android apps will now be exposed to security risks.

Google claims it is now confident about its security measures. The search giant indicated that the Google Play Security Reward Program was meant to make the Play Store a more secure destination for Android apps.

Google has stated that it collected a lot of vulnerability data from the program. It used the knowledge to create automated checks that scanned all apps available in Google Play for similar vulnerabilities.

As a result of running the GPSRP, far fewer security vulnerabilities can slip past Google’s automated checks and defenses. Hence, the company has decided to wind down the program.

Google shutting down its Play Store bug bounty program strongly suggests the Android app store is now largely protected from vulnerabilities. However, security researchers now have no incentive to report any new vulnerabilities as Google won’t pay them handsomely. Incidentally, researchers can still earn from the Vulnerability Rewards Program, which now covers Generative Artificial Intelligence platforms.

The post Google won’t pay for vulnerabilities discovered in Play Store Android apps appeared first on Android Headlines.