Google shuts down rewards programme for finding vulnerabilities in Android apps

Google has announced the end of the Google Play Security Reward Programme (GPSRP), which was launched in 2017 to encourage security researchers to find and responsibly disclose vulnerabilities in popular Android apps.

Here's What We Know

The programme was created to improve the security of apps in the Google Play shop. Since its inception, GPSRP has paid out significant sums to researchers for discovering vulnerabilities such as remote code execution and sensitive data theft.

Since its launch, the programme has expanded to cover developers of major apps such as Amazon, Facebook, Snapchat, Spotify, Telegram, Tesla, TikTok, and others. In 2019, GPSRP began covering all apps with more than 100 million installations, and the maximum payouts for vulnerabilities reached $20,000.

However, Google decided to end the programme due to a decrease in the number of vulnerabilities reported by researchers. The company attributes this to an overall increase in Android OS security and increased functionality. The programme will end on August 31, 2024 and all reports submitted before then will be reviewed by September 15.

Source: Android Authority