Google will stop paying researchers to find vulnerabilities in popular Android apps

Google is shutting down its Google Play Security Reward Program later this month

Summary

Major tech giants like Google pay researchers for finding vulnerabilities in their products.
Google is shutting down the Google Play Security Reward Program on August 31, 2024.
It will review all submitted reports before the program ends, though payouts can take a few weeks.

17 comments

It’s not like the malicious actors have stopped looking… If they are finding fewer vulnerabilities, it sounds to me they should be paying more.
- "Due to the success of the program, vulnerabilities are harder to find. The amount we are paying is now insufficient to justify the time and effort for most researchers."
  One year later....
  "The largest security breach ever has occured for Google...."

Translation: we really need more money to pay a bonus of some hundreds of millions to the CEO
- Sundar the creep is worth every single peny of 200 million comp!

Short sightedness strikes again
- MBA requirement for graduation
  
  I'm amazed they can see out far enough to complete their own degree program.

In its email, Google states that it is closing down the program because of the "overall increase in the Android OS security posture and feature hardening efforts." This has led to researchers submitting fewer vulnerabilities than before.
Vulnerabilities are found, which shows that the program is successful and needed.
No vulnerabilities are found, no money will have to leave Google.
Keeping the program will reap the benefits from both no. 1 and no.2 while closing down the program only enables no.2.
Not hard to see the priorities here....

"It is so secure we don't even need to check it anymore."
MBA idiot says right before something they are in charge of gets compromised because some hacker took such a statement as a challenge.

17 comments