Google is amongst these corporations that run bounty applications that allow researchers discover vulnerabilities in its services and products. Google launched the same program that solely focuses on checking Android apps. However as introduced, the corporate mentioned it’s shutting the initiative after a number of years citing a cause that Android’s safety features have change into extra sturdy over time.
Why Google has a bug-hunting program
For starters, the Google Play Service Reward Program or GPSRP was launched in 2017, which incentivized researchers and particular person bug bounty hunters to seek out and disclose safety loopholes or vulnerabilities in Android apps. It is a separate program from Google’s different program that’s centered on the {hardware} entrance.
The findings in GPSRP vary within the type of distant code executions to delicate information being presumably uncovered and different varieties of safety shortcomings in well-liked and main apps. The extra complicated and significant the vulnerabilities they discover, the larger the quantity will be given with as much as $20,000 price of rewards out there.
Since its inception, Google mentioned the GSPRP has contributed to important safety enhancements and confirmed to be very helpful. Per the final annual report, it was highlighted that Google stopped 2.28 million privacy-violating apps and banned about 333,000 malicious developer accounts in 2023. Moreover, Google has rejected greater than 200,000 app submissions that do not adhere to Android’s safety and permission management protocols.
The information from this system has additionally helped Google deliver very important enhancements to its safety instruments, akin to giving Play Defend a real-time malware-scanning characteristic which even works when sideloading apps. Even so, Android 15 comes with up to date Play Integrity API and AI-powered safety features.
Google defined (through Android Authority) that its resolution to retire the GSPRP has been attributed to the “overall increase posture” within the Android OS. On the identical time, it added that the variety of vulnerabilities it obtained not too long ago has decreased, indicating that its measures applied have been efficient.
This system is ready to be shut down on August 31, 2024. Nevertheless, the corporate mentioned they are going to evaluation all submissions they obtained and plan to announce the ultimate resolution on these stories by September 30, 2024.
How do you defend your machine from safety vulnerabilities? Do you will have particular safeguards put in? Share with us your ideas within the feedback.
Supply:
Android Authority