bug bounty programs Archives

AppWizard

August 19, 2024

Google Play will no longer pay to discover vulnerabilities in popular Android apps

Google is winding down the Google Play Security Reward Program (GPSRP), effective August 31st, due to a decrease in actionable vulnerabilities reported by the security research community. The program, launched in late 2017, incentivized researchers to disclose vulnerabilities in popular Android applications, initially focusing on a limited number of developers and later expanding to all apps on the Google Play Store with at least 100 million installations. Maximum rewards were increased over time, reaching up to 0,000 for remote code execution vulnerabilities. The program contributed to enhanced security on the Play Store, helping over 300,000 developers fix more than one million apps by 2019. Google cited overall improvements in the security landscape of Android as the reason for discontinuing the program. Reports submitted before the end date will be triaged by September 15th, with final reward decisions made by September 30th.

AppWizard

August 19, 2024

Google Play ends rewards for Android app bug hunters

Google is set to conclude the Google Play Security Reward Program (GPSRP) on August 31, due to a decline in actionable vulnerabilities being reported, which Google attributes to improvements in Android OS security. The GPSRP, launched in October 2017, incentivized researchers to identify vulnerabilities in popular Android applications on the Google Play Store, expanding over time to include all apps with at least 100 million installations. Through the program, developers earned money for finding security flaws, and it helped over 300,000 developers fix more than 1,000,000 applications, reducing the number of risky apps. The closure of the GPSRP raises concerns about the motivation for security experts to report vulnerabilities responsibly, particularly for apps from companies with weaker bug report management systems.