this post was submitted on 19 Aug 2024
184 points (98.4% liked)

Android

17682 readers
12 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id


πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
 

Summary

  • Major tech giants like Google pay researchers for finding vulnerabilities in their products.

  • Google is shutting down the Google Play Security Reward Program on August 31, 2024.

  • It will review all submitted reports before the program ends, though payouts can take a few weeks.

top 18 comments
sorted by: hot top controversial new old
[–] SpacePirate@lemmy.ml 56 points 2 months ago (1 children)

It’s not like the malicious actors have stopped looking… If they are finding fewer vulnerabilities, it sounds to me they should be paying more.

[–] The_v@lemmy.world 13 points 2 months ago* (last edited 2 months ago)

"Due to the success of the program, vulnerabilities are harder to find. The amount we are paying is now insufficient to justify the time and effort for most researchers."

One year later....

"The largest security breach ever has occured for Google...."

[–] Moonrise2473@feddit.it 32 points 2 months ago (1 children)

Translation: we really need more money to pay a bonus of some hundreds of millions to the CEO

[–] sunzu2@thebrainbin.org 2 points 2 months ago

Sundar the creep is worth every single peny of 200 million comp!

[–] Melonpoly@lemmy.world 29 points 2 months ago (1 children)

Short sightedness strikes again

[–] rothaine@lemm.ee 9 points 2 months ago (1 children)

MBA requirement for graduation

[–] henfredemars@infosec.pub 2 points 2 months ago

I'm amazed they can see out far enough to complete their own degree program.

[–] limerod@reddthat.com 26 points 2 months ago (3 children)

Google is shutting down the program due to its improved security measures

In its email, Google states that it is closing down the program because of the "overall increase in the Android OS security posture and feature hardening efforts." This has led to researchers submitting fewer vulnerabilities than before.

In its last annual report, Google claims to have stopped 2.28 million privacy-violating apps and banned 333,000 malicious developer accounts. Last year, it also announced major improvements to Google Play Protect, including real-time scanning for Android malware. More recently, it bolstered the Play Integrity API with in-app signals to prevent fraudulent activities.

These improvements are evidently working and have led to fewer vulnerabilities being discovered in Android apps and the ecosystem.

[–] unexposedhazard@discuss.tchncs.de 42 points 2 months ago (1 children)

We stopped actually looking and the numbers went down so problem solved right? Very smart google, very smart.

[–] TrickDacy@lemmy.world 3 points 2 months ago

You evidently did not read that

[–] TrickDacy@lemmy.world 26 points 2 months ago

Seems kind of weird to me that they want to shut down a program because it worked too well. "we don't want to pay people to find problems because we don't have to pay them as much lately"

[–] NarrativeBear@lemmy.world 16 points 2 months ago

On another note all new homes and buildings no longer need fire alarms or sprinklers as deaths related to fire have gone down.

Buildings are not burning down as much as they once did. So no need to spend money and time on fire safety and protection equipment. /s

[–] mindlight@lemm.ee 23 points 2 months ago

In its email, Google states that it is closing down the program because of the "overall increase in the Android OS security posture and feature hardening efforts." This has led to researchers submitting fewer vulnerabilities than before.

  1. Vulnerabilities are found, which shows that the program is successful and needed.
  2. No vulnerabilities are found, no money will have to leave Google.

Keeping the program will reap the benefits from both no. 1 and no.2 while closing down the program only enables no.2.

Not hard to see the priorities here....

[–] ikidd@lemmy.world 23 points 2 months ago

Google has defeated all possible vulnerabilities! Huzzah!

[–] flop_leash_973@lemmy.world 19 points 2 months ago* (last edited 2 months ago)

"It is so secure we don't even need to check it anymore."

MBA idiot says right before something they are in charge of gets compromised because some hacker took such a statement as a challenge.

[–] potentiallynotfelix@lemdro.id 13 points 2 months ago

Another reason not to use google play store for android apps

[–] UlyssesT@hexbear.net 9 points 2 months ago (1 children)

This is a giant invitation for hackers to look for more vulnerabilities.

All so some rich assholes can have yet another yacht. joker-amerikkklap

I don't understand why hackers aren't hijacking the stocks and capital of these rich people? It's obviously amazing reward