CyberScoop reports that Google has announced the discontinuation of the Google Play Security Reward Program — which provided monetary rewards for the identification of vulnerabilities in widely used mobile apps — by the end of the month amid dwindling flaw submissions attributed to Android's increasingly robust security posture.
While additional submissions would no longer be accepted by Aug. 31, Google noted that triaging of reports provided before then will be completed by Sept. 15, with rewards to be decided upon before the end of September. Such a program's demise was noted by information security researcher Sean Pesce to be a significant dent in the profitability of Android hacking. "GPSRP was a great program for securing the Android ecosystem, but at the end of the day, Google was paying for vulnerabilities in non-Google products. That's not really something you see other companies doing," said Pesce. On the other hand, Mathias Payer of Switzerland's Ecole Polytechnique Federale de Lausanne said that major apps on the Play Store may also have their own bug bounty programs.
