Google is one company that runs bounty programs for researchers to discover vulnerabilities in its products and services. Google introduced a similar program that solely focused on checking Android apps. As announced recently, the company will shut down the initiative after several years, citing the reason that Android’s security features have become more robust over the years.
Why Google has a Bug Hunting program
For starters, the Google Play Service Reward Program or GPSRP was launched in 2017, which incentivized researchers and individual bug bounty hunters to discover and disclose security loopholes or vulnerabilities in Android apps. It’s a separate program from Google’s other program that is centered on the hardware front.
Findings in GPSRP range from a form of remote code executions to sensitive data being possibly exposed and other types of security shortcomings in popular and major apps. The more complex and critical the vulnerabilities they find, the bigger the amount will be paid out, with up to $20,000 worth of rewards available.
Since its inception, Google mentioned the GSPRP has contributed to significant security enhancements and has proven to be very useful. Based on the last annual report, it highlighted that Google stopped 2.28 million privacy-violating apps and banned approximately 333,000 malicious developer accounts in 2023. In addition, Google rejected more than 200,000 app submissions that don’t adhere to Android’s security and permission control protocols.
Data from the program also helped Google deliver vital improvements to its security tools, such as giving Play Protect a real-time malware-scanning feature which even works when sideloading apps. Even then, Android 15 comes with an updated Play Integrity API and AI-powered security features.
Google explained (via Android Authority) that its decision to retire the GSPRP has been attributed to the “overall increase posture” in Android. At the same time, it added the number of vulnerabilities it received has decreased recently, indicating the effectiveness of the measures implemented.
The program is set to shut down on August 31, 2024. However, the company mentioned they will review all submissions they received and plan to announce the final decision on these reports by September 30, 2024.
How do you protect your device from security vulnerabilities? Do you have specific safeguards installed? Share your tips in the comments with us.
Source:
Android Authority
