Google announces that it will end the 'Google Play Security Reward Program,' which pays rewards to developers who report vulnerabilities in Android apps, on August 31, 2024



Since October 2017, Google has been running a program called

the Google Play Security Reward Program (GPSRP), which pays rewards to security researchers who identify and report vulnerabilities in Android apps. However, Google has informed developers that it will end GPSRP on August 31, 2024.

Google Play Security Reward Program Rules - Rules - About - Google Bug Hunters
https://bughunters.google.com/about/rules/android-friends/5604090422493184/google-play-security-reward-program-rules



Google Play will no longer pay to discover vulnerabilities in popular Android apps - Android Authority

https://www.androidauthority.com/google-play-security-reward-program-winding-down-3472376/

Google won't pay for vulnerabilities discovered in Play Store Android apps
https://www.androidheadlines.com/2024/08/google-wont-pay-for-vulnerabilities-discovered-in-play-store-android-apps.html

Google Play ends rewards for Android app bug hunters - PhoneArena
https://www.phonearena.com/news/google-ends-rewards-for-android-app-bug-hunters_id161552

GPSRP, which was launched in October 2017, was originally a way for developers to report vulnerabilities in Android apps available on the Google Play Store that could lead to remote code execution or personal data leakage, and developers who reported vulnerabilities could receive a reward of up to $5,000 (approximately 730,000 yen).

GPSRP was initially only available to a limited number of developers, but Google later relaxed the restrictions on available developers and eligible apps. In July 2019, the reward amount was increased to a maximum of $20,000. According to Google, as of 2019, more than 300,000 developers had fixed more than 1 million apps on Google Play, and more than $265,000 in rewards had been paid out.



However, Google has announced that it will end GPSRP on August 31, 2024. Google stated that the reason for the end of the service is that 'Android's security features have been strengthened and vulnerabilities have been reduced,' and expressed its gratitude to developers who have used GPSRP.

Additionally, Google reports that it 'collected a lot of vulnerability data from GPSRP and used this knowledge to create automated checks that look for similar vulnerabilities by scanning all apps available on Google Play.'



According to Google, the Security Rewards program for Android and Google devices will continue to be available.

in Software,   Security, Posted by log1r_ut