Google's bug bounty program for popular Play Store apps ends after nearly 7 years

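Back in 2017, Google launched an initiative called the "Google Play Security Reward Program," which allowed developers and security researchers to find vulnerabilities in popular Android apps and earn bounties for their work. Although the program gave researchers skilled at finding vulnerabilities an incentive to scrutinize Play Store apps, Google has announced that it will end at the end of this month.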

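According to an email Google sent to developers, the Google Play Security Reward Program (GPSRP) will end on August 31, nearly 7 years after the program's launch. Reports sent before that deadline will be reviewed by September 15, and final decisions on paying the remaining rewards will be made by the end of September.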

Google cited "the overall increase in the Android OS security posture" and "feature hardening efforts" as the reasons for ending the bug bounty program.

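The Google Play Security Reward Program was initially open to only a small group of Android developers. The program paid $5,000 for discovering remote code execution vulnerabilities and $1,000 for theft of private data. In 2019, the rewards for finding these vulnerabilities were raised to $20,000 and $3,000 respectively. The program also covered Google Play apps with at least 100 million installs.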

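It is certainly a good thing that Android's security has become strong enough that outside help is no longer needed to find security vulnerabilities, but shutting down GPSRP may have a negative effect on the security of the Play Store, because researchers no longer have an incentive to look for security vulnerabilities.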


“Dear Researchers,

I hope this email finds you well. I am writing to express my sincere gratitude to all of you who have submitted bugs to the Google Play Security Reward Program over the past few years. Your contributions have been invaluable in helping us to improve the security of Android and Google Play.

As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the GPSRP program. The GPSRP program will end on August 31st. Any reports submitted before then will be triaged by September 15th. Final reward decisions will be made before September 30th when the program is officially discontinued. Final payments may take a few weeks to process.

I want to assure you that all of your reports will be reviewed and addressed before the program ends. We greatly value your input and want to make sure that any issues you have identified are resolved.

Thank you again for your support of the GPSRP program. We hope that you will continue working with us, on programs like the Android and Google Devices Security Reward Program.

Best regards,
On behalf of the Android Security Team”


Source: Android Authority


