Recently, Google confirmed the shut down of its Google Play Security Reward Program (GPSRP). This means that researchers will no longer receive payments for finding vulnerabilities in Google Play Store apps. Now, the Mountain View giant has revealed the reason behind the decision.
Google official word on no longer paying to find Play Store vulnerabilities
According to a Google spokesperson, after 7 years, the GPSRP helped the company establish better automatic rules for detecting vulnerabilities in the Play Store’s security systems. So, many of the vulnerabilities that would qualify for a monetary reward are already being detected automatically.
In the statement, the company first takes pride in having set up the program in the first place: “We greatly appreciate the security research community that helps keep Android users safe. The Google Play Security Reward Program (GPSRP) was the first program of its type to pay a bonus reward in addition to any applicable developer vulnerability reward programs. Launched to encourage app developers to establish their own security programs, GPSRP has achieved its goal after 7 years.”
Then, regarding the program shutdown, the Google spokesperson says the following: “As a result of our advancements in Android security features and OS hardening, we’ve seen fewer actionable vulnerabilities reported to the GPSRP program by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the program.”
This translates into Google Play security systems now being much more capable of autonomously detecting vulnerabilities. This is possible thanks to years of data collection and processing. While researchers will no longer receive payments for finding vulnerabilities on Google Play, the company is encouraging them “to work directly with application developers should they discover potential security vulnerabilities.”
Program still active for Google’s AI-powered services and platforms
Although Google is shutting down the “bug bounty” program for Play Store apps, there are still fields where it is active. For example, in its AI-powered services, a segment that suddenly exploded a few years ago. The latter still has a lot of work ahead and potential rewards for researchers to win. In the case of Google Play, it is normal that the platform has reached such a state of maturity. After all, it already has a lot of time, feedback, and work behind it.
The post This is why Google will not pay for finding Play Store vulnerabilities appeared first on Android Headlines.