This is why Google does not pay for searching for vulnerabilities in the Play Store

Google recently confirmed that it is shutting down its Google Play Security Reward Program (GPSRP), meaning that researchers will no longer receive payments for finding vulnerabilities in Google Play Store apps. Now the Mountain View giant has revealed the reason for the decision.

Official announcement from Google: There will be no more payment for searching for vulnerabilities in the Play Store

According to a Google spokesperson, after 7 years, GPSRP has helped the company establish better automated rules for detecting vulnerabilities in the Play Store’s security systems, meaning that many of the vulnerabilities that would be eligible for a financial reward are already detected automatically.

In the statement, the company first expressed pride in having launched the program in the first place: “We greatly value the security research community that helps keep Android users safe. The Google Play Security Reward Program (GPSRP) was the first program of its kind to pay a bonus reward for vulnerabilities in addition to any applicable developer reward programs. The GPSRP was launched to encourage app developers to develop their own security programs and, after 7 years, has achieved its goal.”

Regarding the discontinuation of the program, the Google spokesperson then said the following: “Due to our progress in Android security features and OS hardening, we have noticed that the research community has reported fewer vulnerabilities to the GPSRP program that require action. Due to this decrease in reported vulnerabilities, we are discontinuing the program.”

This means that Google Play’s security systems are now much better able to detect vulnerabilities on their own. This is possible thanks to years of data collection and processing. While researchers no longer receive payment for finding vulnerabilities on Google Play, the company encourages them to “work directly with application developers when they discover potential security flaws.”

Google’s AI-powered services and platforms program remains active

Although Google is shutting down the “bug bounty” program for Play Store apps, there are still areas where it is active. For example, in its AI-powered services, a segment that suddenly exploded a few years ago. In the latter case, there is still a lot of work ahead and potential rewards for researchers to win. In the case of Google Play, it is normal for the platform to have reached such a level of maturity. After all, a lot of time, feedback and work have already gone into it.