Google just confirmed how its security reward program that paid researchers money to find vulnerabilities across leading Android apps is all set to shut down this month.
The matter is concerning as it was considered useful. The feature highlighted issues lurking on the platforms that couldn’t otherwise be found. Furthermore, the program enabled companies to use the quick-fix method to address issues relating to different factors.
This was one of the many reasons why many companies today use these programs to get help from the outside world. Remember, we are talking about experts who are more experienced in spotting problems than the average human mind.
@MishaalRahman not sure if this is within your scope of interest pic.twitter.com/uJoiuoXKkB
— Sean Pesce (@SeanPesce) August 16, 2024
Google first rolled out the initiative in October of 2017 and many security researchers got to work immediately as financial returns were huge for their hard work on the Play Store.
Some of the payments hit the $5000 mark while others were restricted to $1000. With time, the feature was expanded to include more developers and their apps, and some of the largest apps were added to the list. Think along the lines of Facebook, Zomato, TikTok, Line, Tinder, PayPal, Dropbox, Amazon, and so on.
Two years after that, the Android maker gave rise to a new rewards program that featured all the apps on Google Play that had nearly 100M downloads. The rewards kept increasing to a $20k maximal limit and $3000 for any bugs involved in the theft of user data.
The incentive behind this rewards program was simple, Google wished to have the Play Store more secure for all. They used all the data offered to them by experts to carry out security checks and scanning. As a whole, it assisted 300k developers with 1M apps.
Now, Google is closing the program and rolling out emails to all those participating. As per the search engine giant, August 31 is the final date when we see this come to an end. The reason is simple. They have noted a massive decrease in vulnerabilities that makes this feature unnecessary.
It was interesting to see how Google gave itself credit for bettering its own policies and stepping up efforts to combat vulnerabilities. Since they’re doing a great job on that front, why take help from the outside world, right?
So far, it’s paid close to $256,000 as a part of the rewards program in 2019 and every year after that, it kept on decreasing. However, it failed to outline how much it’s paid since the final disclosure to the public.
For now, we know that the company is bidding farewell to the offering and not everyone is happy. Experts are happy that it means most apps are doing well in terms of offering great safety to users. On the other hand, no financial returns mean incentives to disclose vulnerabilities in the future are limited.
Image: DIW-Aigen
