Google is among the big tech companies that run programs where they pay security researchers and hackers for finding security problems in their products and services. The company has some programs that reward people for discovering issues in its devices and apps. For example, Google’s Android and Google Devices Security Reward Program offers money to people who find security flaws in its cameras, doorbells, speakers, thermostats, and streaming devices.
Another program, the Google Play Security Reward Program, rewards people for finding problems in Android apps. Through this program, Google pays up to $20,000 to those who find serious vulnerabilities in Android apps, such as a flaw that allows remote code execution without user interaction. If the vulnerability is related to the theft of sensitive data, the reward starts at $5,000. For less serious vulnerabilities, the reward is equally less.
This program started in October 2017 and later expanded in August 2019 to include all Android apps with more than 100 million downloads. However, Google has decided to end this particular program. Recently, Google has begun informing developers who participate in this program that it will be permanently shutting down.
The last day for researchers to submit their reports of any security flaws they find is August 31, 2024. After this date, Google will no longer accept any new reports. However, the company will still process all the reports submitted before the deadline and will make the final decisions on rewards by September 30, 2024. Google has assured researchers that all submitted reports will be reviewed before the program officially ends.
Google is ending this rewards program because of improvements in Android’s overall security. In an email, the company mentioned that the security of the Android operating system has significantly increased, and new features have made it harder for researchers to find vulnerabilities. As a result, fewer vulnerabilities are being reported, leading to the decision to close the program. Google has also updated the program’s webpage to reflect this change.
In its most recent annual report, Google highlighted that it had prevented 2.28 million apps that violated privacy from being published and banned 333,000 accounts from malicious developers. Last year, it also made significant upgrades to Google Play Protect, including adding real-time scanning for Android malware. More recently, Google improved the Play Integrity API to better prevent fraudulent activities in apps.