Google is one company that runs bounty programs for researchers to find vulnerabilities in its services. Google launched a similar program that focused solely on testing Android apps. As announced recently, the company will shut down the initiative after several years, citing the reason that Android's security features have become more robust over the years.
Why Google has a Bug Hunting program
For starters, the Google Play Service Reward Program, or GPSRP, was launched in 2017 and incentivized researchers and individual bug bounty hunters to discover and disclose security loopholes or vulnerabilities in Android apps. It is separate from Google's other program, which is focused on the hardware front.
Findings in GPSRP range from remote code execution to potentially exposed sensitive data and other types of security shortcomings in popular and major apps. The more complex and critical the vulnerabilities researchers find, the bigger the amount that can be paid out, with up to $20,000 worth of rewards available.
Google mentioned that, since its inception, the GPSRP has contributed to significant security improvements and has proven to be very useful. The last annual report highlighted that Google stopped 2.28 million privacy-violating apps and banned roughly 333,000 malicious developer accounts in 2023. In addition, Google rejected more than 200,000 app submissions that did not adhere to Android's security and permission control protocols.
Data from the program also helped Google deliver vital improvements to its security tools, such as giving Play Protect a real-time malware-scanning feature which even works when sideloading apps. Even then, Android 15 comes with an updated Play Integrity API and AI-powered security features.
Google explained (via Android Authority) that its decision to retire the GPSRP has been attributed to the “overall increase posture” in Android. At the same time, it added that the number of vulnerabilities it received has decreased recently, indicating the effectiveness of the measures implemented.
The program is set to shut down on August 31, 2024. However, the company mentioned it will review all submissions it received and plans to announce the final decision on these reports by September 30, 2024.
How do you protect your device from security vulnerabilities? Do you have specific safeguards installed? Share your suggestions in the comments with us.
Source:
Android Authority