Google is amongst these corporations that run bounty applications that allow researchers discover vulnerabilities in its services and products. Google launched an analogous program that solely focuses on checking Android apps. However as introduced, the corporate stated it’s shutting the initiative after a number of years citing a purpose that Android’s safety features have change into extra sturdy over time.
Why Google has a bug-hunting program
For starters, the Google Play Service Reward Program or GPSRP was launched in 2017, which incentivized researchers and particular person bug bounty hunters to search out and disclose safety loopholes or vulnerabilities in Android apps. It is a separate program from Google’s different program that’s centered on the {hardware} entrance.
The findings in GPSRP vary within the type of distant code executions to delicate information being presumably uncovered and different kinds of safety shortcomings in common and main apps. The extra advanced and demanding the vulnerabilities they discover, the larger the quantity will be given with as much as $20,000 value of rewards out there.
Since its inception, Google stated the GSPRP has contributed to important safety enhancements and confirmed to be very helpful. Per the final annual report, it was highlighted that Google stopped 2.28 million privacy-violating apps and banned about 333,000 malicious developer accounts in 2023. Moreover, Google has rejected greater than 200,000 app submissions that do not adhere to Android’s safety and permission management protocols.
The information from this system has additionally helped Google deliver important enhancements to its safety instruments, comparable to giving Play Defend a real-time malware-scanning function which even works when sideloading apps. Even so, Android 15 comes with up to date Play Integrity API and AI-powered safety features.
Google defined (by way of Android Authority) that its choice to retire the GSPRP has been attributed to the “general enhance posture” within the Android OS. On the similar time, it added that the variety of vulnerabilities it obtained not too long ago has decreased, indicating that its measures applied have been efficient.
This system is ready to be shut down on August 31, 2024. Nonetheless, the corporate stated they are going to assessment all submissions they obtained and plan to announce the ultimate choice on these reviews by September 30, 2024.
How do you defend your gadget from safety vulnerabilities? Do you could have particular safeguards put in? Share with us your ideas within the feedback.
Supply:
Android Authority
