Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Android Central
Android Central
Technology
Vishnu Sarangapurkar

Google is ending the Play Store security reward program

The Google Play Logo on stage at an event in NYC.

What you need to know

  • Launched in 2017, the Google Play Security Program will no longer be functional after August 31.
  • However, researchers can still submit security reports, which will be addressed until September 30.
  • Google cites a "decrease in actionable vulnerabilities reported" as the reason for its discontinuation.

Updated 4:00pm ET with new comments from Google.

After seven successful years, Google’s Play Security Reward Program is ending on August 31. The company recently let developers know about the decision via email.

The program paid developers who found and disclosed vulnerabilities in Android apps, explained Mishaal Rahman at Android Authority. The program, which was fairly unique, has "achieved its goals," a Google spokesman told Android Authority.

"We greatly appreciate the security research community that helps keep Android users safe. The Google Play Security Reward Program (GPSRP) was the first program of its type to pay a bonus reward in addition to any applicable developer vulnerability reward programs. Launched to encourage app developers to establish their own security programs, GPSRP has achieved its goal after 7 years."

For the uninitiated, Google kicked off the program in 2017 to encourage developers and security researchers to find vulnerabilities in Google’s websites, apps, Chrome and Chrome OS, and Pixel devices. Researchers who spotted and reported issues were rewarded with cash from Google Play.

Though it did boost Android and Google Play security, the system is no longer necessary, Google told us. "As a result of our advancements in Android security features and OS hardening, we’ve seen fewer actionable vulnerabilities reported to the GPSRP program by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the program."

"We encourage researchers to work directly with application developers should they discover potential security vulnerabilities," he added.

(Image credit: Mishaal Rahman/ via Android Authority)

As mentioned, the program will end on August 31; however, reports submitted before that period will be triaged by September 15, and final reward decisions are expected to be made before September 30. After that, the program will be "officially discontinued," the Android security team notes in the email.

The GPSRP was an extra step to gather vulnerability data and create automated checks. These checks would be applied to all Android apps on the Play Store to check for similar vulnerabilities and make the app store safer, even though Google already has its own set of measures to keep the Play Store safe for those many apps. Either way, it is about to end—for better or worse.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.