Google will discontinue its Google Play Security Reward Program (GPSRP) by the end of this month, ending a significant initiative that incentivized security researchers to discover vulnerabilities in widely used Android apps.

Launched in October 2017, the GPSRP aimed to bolster the security of apps on the Google Play Store by rewarding researchers for identifying and responsibly disclosing vulnerabilities. Initially, the program covered a limited number of apps and offered rewards up to $5,000 for critical issues like remote code execution and $1,000 for less severe vulnerabilities. Over time, its scope broadened to include major apps such as Airbnb, Amazon, Facebook, and Spotify, with payouts increasing to as much as $20,000.

In August 2019, the program was expanded to encompass all apps with over 100 million downloads, even if those apps didn’t have their own security programs. Google utilized the vulnerability data from GPSRP to develop automated scanning tools, which helped improve app security across the platform. By 2019, these efforts had aided over 300,000 developers in securing more than a million apps.

Despite its success, Google has decided to end the program on August 31, 2024, citing a decline in the number of significant vulnerabilities reported. The company attributes this decrease to improvements in the overall security posture of the Android operating system and the hardening of its features.