Bug Bounties, Vulnerability Management

Google Play bug bounty program shutdown imminent

Share
An Android statue is displayed in front of a building on the Google campus on January 31, 2022 in Mountain View, California. (Photo by Justin Sullivan/Getty Images)

CyberScoop reports that Google has announced the discontinuation of the Google Play Security Reward Program — which provided monetary rewards for the identification of vulnerabilities in widely used mobile apps — by the end of the month amid dwindling flaw submissions attributed to Android's increasingly robust security posture.

While additional submissions would no longer be accepted by Aug. 31, Google noted that triaging of reports provided before then will be completed by Sept. 15, with rewards to be decided upon before the end of September. Such a program's demise was noted by information security researcher Sean Pesce to be a significant dent in the profitability of Android hacking. "GPSRP was a great program for securing the Android ecosystem, but at the end of the day, Google was paying for vulnerabilities in non-Google products. That's not really something you see other companies doing," said Pesce. On the other hand, Mathias Payer of Switzerland's Ecole Polytechnique Federale de Lausanne said that major apps on the Play Store may also have their own bug bounty programs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.