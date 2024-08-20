Google is among those companies that run bounty programs that let researchers find vulnerabilities in its products and services. Google introduced a similar program that solely focuses on checking Android apps. But as announced, the company said it is shutting the initiative after several years citing a reason that Android's security features have become more robust over the years.

Why Google has a bug-hunting program

For starters, the Google Play Service Reward Program or GPSRP was launched in 2017, which incentivized researchers and individual bug bounty hunters to find and disclose security loopholes or vulnerabilities in Android apps. It's a separate program from Google's other program that is centered on the hardware front.

The findings in GPSRP range in the form of remote code executions to sensitive data being possibly exposed and other types of security shortcomings in popular and major apps. The more complex and critical the vulnerabilities they find, the bigger the amount will be given with up to $20,000 worth of rewards available.

Since its inception, Google said the GSPRP has contributed to significant security enhancements and proven to be very useful. Per the last annual report, it was highlighted that Google stopped 2.28 million privacy-violating apps and banned about 333,000 malicious developer accounts in 2023. Additionally, Google has rejected more than 200,000 app submissions that don't adhere to Android's security and permission control protocols.

You can lock apps into the Private Space and stop their notifications and content from appearing and getting accessed / © Google

The data from the program has also helped Google bring vital improvements to its security tools, such as giving Play Protect a real-time malware-scanning feature which even works when sideloading apps. Even so, Android 15 comes with updated Play Integrity API and AI-powered security features.

Google explained (via Android Authority) that its decision to retire the GSPRP has been attributed to the "overall increase posture" in the Android OS. At the same time, it added that the number of vulnerabilities it received recently has decreased, indicating that its measures implemented have been effective.

The program is set to be shut down on August 31, 2024. However, the company said they will review all submissions they received and plan to announce the final decision on these reports by September 30, 2024.

