ICYM: Google Set to End Bug Bounty Hunting Program

Google’s bug bounty hunting initiative Play Security Reward Program, where developers and researchers report and provide solutions to popular Android app vulnerabilities, will be ending on August 31 2024 , according to an announcement by the tech giant.

The program ran just short of seven years.

Google Play Security Reward Program was launched in 2017 and caught the attention of cybersecurity researchers and other developers to find, disclose, and resolve flaws and vulnerabilities to apps within the Google Play Store.

The program is set to come to a halt as the number of reported vulnerabilities have been decreasing.

The bug bounty hunting program first started with only a handful of developers, researchers, and apps participating, with rewards for identifying and providing solutions to vulnerabilities reaching USD5,000.00 for the most critical ones like remote code execution.

However, in 2019, Google expanded the scope of the program to include every app in Google Play Store that has reached 100 million downloads. Payouts also reached USD20,000.00 during this time.

The ending of the program is seen as an overall improvement to Android’s security prowess as an operating system.

“As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community,” an email by the Android Security Team that was seen by Android news website read.

Reports submitted up until the last day of the program will be triaged by September 15, with decision on rewards to be made on September 30. (GFB)