Google Is Closing the Bug Bounty Program in the Play Store
Google is ending its bug bounty program. According to Android Authority, the company is ending the Google Play Security Reward Program on August 31. Google will review all reports submitted before this date by September 15th and will officially close its financial awards on September 30th.
The decision comes nearly seven full years after Google initially launched the Google Play Security Reward Program. Back in 2017, the company announced a program offering security researchers an incentive to identify bugs and vulnerabilities in Android apps. These researchers could then share their findings with app developers so they can plug security gaps as quickly as possible.
This isn’t an idea exclusive to Google: many companies offer financial rewards to ethical hackers for finding and reporting vulnerabilities, big or small. No company can find all the bugs on its own, so the idea is to outsource some of this work to talented people who can see what the company can’t. In Google’s case, they have millions of apps in their Play Store, so the extra eyes are effective.
The program has grown to offer different financial rewards depending on the vulnerability: Google will pay as little as $500 for a report of a vulnerability that would allow a hacker to break into a system if they were on the same network as the user, and about $20,000 for a vulnerability that would allow a hacker to remotely attack users using arbitrary code execution.
Google says it is winding down the program because the research community reported “fewer vulnerabilities requiring action,” which the company attributes to strengthening Android’s built-in security measures. If this is true, then it’s certainly good news: any strengthening of Google’s security policies is a positive thing, and if they feel confident enough in their ability to exclude third-party help, perhaps that’s a good sign. Google says it has been able to extract vulnerability data from these reports to create automated systems that look for these problems in applications without manual intervention.
But we’re talking about Google. The company has not always considered end user privacy and security in every business decision. Even if you ignore that, the move seems a little risky. There are a lot of apps on the Play Store, and many of those developers probably don’t have their own systems in place to find bugs. Small developers may not discover a serious security vulnerability on their own, and if Google’s systems do not detect it, users may be impacted.
And it’s not just legitimate apps with security flaws that you should be wary of: malicious apps are being discovered on the Play Store all the time. Back in May, we reported on a group of 90 malicious apps that were installed a total of 5.5 million times. And that happened with this program in place. Let’s hope Google’s security protocols are up to par, but it’s a shame to dismiss the ethical hackers who would hunt for these very security flaws.
How to protect yourself in the future
Now more than ever, it is important to be careful when downloading apps from the Play Store on Android.
Before downloading an app, take a critical look at its page: is the text full of grammar and spelling problems? Are the images low quality or irrelevant to what the app is selling? Do the reviews look like they could have been written for any generic app rather than the specific program you’re considering? These are all signs of a malicious app and you should stay away.
But keep an eye on other aspects too: look at the privacy report and evaluate what permissions the app is going to ask you for. Even if an app is legitimate, if it requires too much data from you, it is a liability if the app is ever compromised. (There’s also no reason why many of these apps need personal information like your contacts or location.)
Above all, remember to update your apps regularly. If vulnerabilities are found, developers will fix and update their applications. To check for updates regularly, open the Play Store, tap your profile picture in the top right corner, select Manage apps and device, then Manage. Then update apps that have updates available.