Google Play will no longer pay to discover vulnerabilities in popular Android apps

  • Google has announced that it is winding down the Google Play Security Reward Program.
  • The program was introduced in late 2017 to incentivize security researchers to find and responsibly disclose vulnerabilities in popular Android apps.
  • Google says it is winding down the program due to a decrease in actionable vulnerabilities reported by security researchers.


Security vulnerabilities are lurking in most of the apps you use on a day-to-day basis; there’s just no way for most companies to preemptively fix every possible security issue because of human error, deadlines, lack of resources, and a multitude of other factors. That’s why many organizations run bug bounty programs to get external help with fixing these issues. The Google Play Security Reward Program (GPSRP) is an example of a bug bounty program that paid security researchers to find vulnerabilities in popular Android apps, but it’s being shut down later this month.

Google announced the Google Play Security Reward Program back in October 2017 as a way to incentivize security researchers to find and, most importantly, responsibly disclose vulnerabilities in popular Android apps distributed through the Google Play Store.

When the GPSRP first launched, it was limited to a select number of developers who were only allowed to submit eligible vulnerabilities that affected applications from a small number of participating developers. Eligible vulnerabilities include those that lead to remote code execution or theft of insecure private data, with payouts initially reaching a maximum of $5,000 for vulnerabilities of the former type and $1,000 for the latter type.

Over the years, the scope of the Google Play Security Reward Program expanded to cover developers of some of the biggest Android apps such as Airbnb, Alibaba, Amazon, Dropbox, Facebook, Grammarly, Instacart, Line, Lyft, Opera, PayPal, Pinterest, Shopify, Snapchat, Spotify, Telegram, Tesla, TikTok, Tinder, VLC, and Zomato, among many others.

In August 2019, Google opened up the GPSRP to cover all apps in Google Play with at least 100 million installations, even if they didn’t have their own vulnerability disclosure or bug bounty program. In July 2019, the rewards were increased to a maximum of $20,000 for remote code execution bugs and $3,000 for bugs that led to the theft of insecure private data or access to protected app components.

Google Play Security Reward Program eligible vulnerabilities

Credit: Mishaal Rahman / Android Authority

The purpose of the Google Play Security Reward Program was simple: Google wanted to make the Play Store a more secure destination for Android apps. According to the company, vulnerability data they collected from the program was used to help create automated checks that scanned all apps available in Google Play for similar vulnerabilities. In 2019, Google said these automated checks helped more than 300,000 developers fix more than 1,000,000 apps on Google Play. Thus, the downstream effect of the GPSRP is that fewer vulnerable apps are distributed to Android users.

However, Google has now decided to wind down the Google Play Security Reward Program. In an email to participating developers, such as Sean Pesce, the company announced that the GPSRP will end on August 31st.

The reason Google gave is that the program has seen a decrease in the number of actionable vulnerabilities reported. The company credits this success to the “overall increase in the Android OS security posture and feature hardening efforts.”

The full email sent to developers is reproduced below:

“Dear Researchers,

I hope this email finds you well. I am writing to express my sincere gratitude to all of you who have submitted bugs to the Google Play Security Reward Program over the past few years. Your contributions have been invaluable in helping us to improve the security of Android and Google Play.

As a result of the overall increase in the Android OS security posture and feature hardening efforts, we’ve seen fewer actionable vulnerabilities reported by the research community. Due to this decrease in actionable vulnerabilities reported, we are winding down the GPSRP program. The GPSRP program will end on August 31st. Any reports submitted before then will be triaged by September 15th. Final reward decisions will be made before September 30th when the program is officially discontinued. Final payments may take a few weeks to process.

I want to assure you that all of your reports will be reviewed and addressed before the program ends. We greatly value your input and want to make sure that any issues you have identified are resolved.

Thank you again for your support of the GPSRP program. We hope that you will continue working with us, on programs like the Android and Google Devices Security Reward Program.

Best regards,

Tony

On behalf of the Android Security Team”

In September of 2018, nearly a year after the GPSRP was announced, Google said that researchers had reported over 30 vulnerabilities through the program, earning a combined bounty of over $100k. Approximately a year later, in August of 2019, Google said that the program had paid out over $265k in bounties.

As far as we know, the company hasn’t disclosed how much they’ve paid out to security researchers since then, but we’d be surprised if the number isn’t notably higher than $265k given how long it’s been since the last disclosure and the number of popular apps in the crosshairs of security researchers.

Google shutting down this program is a mixed bag for users. On one hand, it means that popular apps have largely gotten their act together, but on the other hand, it means that some security researchers won’t have the incentive to disclose any future vulnerabilities responsibly, especially if those vulnerabilities impact an app made by a developer who doesn’t run their own bug bounty program.

Bundles are tossing a wrench into the works of Android sideloading

  • Software previously available as single APKs can now only be found as app bundles.
  • Bundles, while efficient to download, make distribution outside the Play Store much more difficult.

When’s the last time you sideloaded an app on Android? The ability for users to directly install software they’ve acquired themselves (as opposed to finding it through the platform’s approved app store) is one of the core tenets that distinguishes Android from the likes of iOS. But just because it’s possible doesn’t always mean it’s a good idea — to say nothing of easy. But now Google seems to be tweaking its approach to app distribution in a way that threatens to be a serious thorn in the side of sideloading.

Historically, you’ve been able to manually install Android apps by means of an APK file: a single file that packaged up all an app’s resources in a convenient, easy-to-distribute format. Problem is, apps are far from one-size-fits-all, and trying to accommodate everyone all at once quickly becomes unwieldy. Back in 2018, Google rethought this approach and came up with a more modular solution: Android App Bundles.

What’s next for Google Play Store AI review summaries (APK teardown)

  • The Google Play Store appears to be getting ready to include AI-generated review summaries in app listings.
  • These would join the AI summaries in searches and the “App highlights” block we already have.
  • Rather than just collating the most popular opinions expressed in reviews, this condenses them down into a single, new voice.

Google is on a bit of an AI kick right now, to put it mildly, finding reason to augment every nook and cranny of its software and services with (admittedly, often impressive) AI-powered functionality. The Play Store has been as much a target as any for these experiments, like with the App highlights feature we saw Google start playing around with several months back. For over a year now, Google’s been talking about using AI to summarize Play Store reviews, and after getting to see how that works in the app’s search mode, we’re now discovering how the next phase of those summaries could arrive.

When delivering Google Play’s most recent quarterly address, VP Sam Bright touched on the company’s progress with AI in the Play Store, including the desire to get more of this AI-derived content in detailed app listings themselves. Sure enough, digging through Play Store version 42.1.21 we find new text strings for labeling information as “Summarized by Google AI.” And with the right flags enabled, we can get just such an AI-generated summary to appear at the top of user-written reviews:

Google's recent Play Store changes are exactly what it doesn't need

I'm just going to say it. I've never liked the Play Store. In my humble opinion, it has always been awful for discovering quality apps and games, and has only grown worse over the years. Instead of actually helping users find good apps and games that don't break the bank, it feels more like Google is only interested in pushing everyone towards subscription apps and games filled with gambling. Of course, this setup lines Google's pockets with a hefty share of profits, which means it is incentivized to push what makes it the most money instead of what users find useful.

Google Play could soon help you fix Play Protect certification issues (APK teardown)

  • Google Play could soon get a new feature to help fix Play Protect certification issues.
  • The feature is currently in development, but we’ve managed to get an early look at it in the latest Google Play Store release.
  • The upcoming “Fix device issue” button will run a few checks to address Play Protect certification issues or provide details about why a device is not certified.


Google Play might soon help users fix issues resulting in a failed Play Protect certification. We’ve spotted an upcoming feature in Google Play Store version 42.1.21 that could either address the Play Protect certification error or provide details about why a device is not certified.

The latest Play Store release includes evidence suggesting that Google could add a new “Fix device issue” button to the Play Protect certification option in the Play Store settings. This button will likely appear on devices that fail the Play Protect certification, and let users address the issue by performing a few checks.

As you can see in the following video, the feature delivered a “Couldn’t fix device certification issue” on our test device. It also showed a “Reason code” that states the device did not meet Play Integrity requirements, along with a link to a support page highlighting how users can fix Play Protect certification status issues.

At the moment, we are unaware of the checks the feature runs to fix the Play Protect certification issue. We’ll let you know as soon as we have more details. Until then, if you’re getting a Play Protect certification error on your device, you may want to try registering your device by submitting your Google Services Framework Android ID on this Device registration page.

Google may soon allow you to update sideloaded Android apps via the Play Store

You may soon have the ability to update the sideloaded apps on your Android device via the Play Store. Android Authority reports that a teardown of the Play Store version 42.0.18 APK appears to indicate that Google will introduce the option in a future release. Apps that have been sideloaded display an “Update from Play” […]

The post Google may soon allow you to update sideloaded Android apps via the Play Store appeared first on Liliputing.

Google halts plans to support more real-money gaming apps on the Play Store

  • Google has put a hold on its plans to support more types of real-money gaming apps on the Play Store.
  • The announcement comes just days before the scheduled expansion in India, Brazil, and Mexico.


Google has been running pilot programs to support real-money gaming (RMG) apps on the Play Store in several regions for a while now. Earlier this year, the company announced it would expand support for more game types and operators in India, Brazil, and Mexico starting in July. But it has now paused the expansion citing challenges in markets that lack proper licensing frameworks.

TechCrunch reports that Google is keen on supporting more types of RMG apps on the Play Store, but it has faced issues identifying the type of games allowed in markets that don’t have a central body to approve such apps. The company seems to have taken this step to avoid unwanted regulatory hurdles.

In a statement outlining the development, a Google spokesperson had this to say:

Expanding our support of real-money gaming apps in markets without a central licensing framework has proven more difficult than expected and we need additional time to get it right for our developer partners and the safety of our users. Google Play remains deeply committed to helping all developers responsibly build new businesses and reach wider audiences across a variety of content types and genres.

The company has clarified that while it won’t expand support for new types of RMG apps, those released as part of the pilot program in India will continue to operate. It isn’t immediately clear if this also applies to apps released during the pilot program in Mexico.

Although Google may have paused the expansion, it’s still trying to develop a suitable framework to offer a wider range of RMG apps on the Play Store. It is also working on introducing a new service fee structure for such apps, but it has yet to work out all the details.

Google Play Store is rolling out a new badge for government-made apps

google play government badges
Credit: Google
  • Google is rolling out a new badge for official state and federal government-made apps.
  • Over 3,000 apps from 12 countries are receiving the badge starting today.
  • The Play Store had previously been testing the feature with a small percentage of users.

Knowing whether an app is legit or not can sometimes be a little tricky. To make it easier to tell, at least for apps made by state and federal governments, the Google Play Store is rolling out a new badge.

Starting today, apps made by state and federal governments are getting a new government badge to help users better identify official apps. The company states that at launch, users will be able to see the badge on over 3,000 government apps from 12 different countries. These countries include:

Google Play Store may let you download more than one app at a time

  • Google appears to be working on adding parallel downloads for the Google Play Store.
  • The number of simultaneous downloads is restricted to two, but can be expanded to five through a flag.
  • Parallel downloads appear not to work with app updates.

When you download more than one app from the Google Play Store, you have to wait for one app to finish before the next one starts the download process. But that could change in the future with the implementation of parallel downloads.

As discovered by TheSpAndroid, Google appears to be working on allowing users to download multiple apps at once in the Google Play Store. This isn’t the first time the tech giant has toyed around with this functionality, but it looks like Google is experimenting with the idea again in version 40.0.13.

Here’s why the Play Store went down for some users yesterday

  • Google has briefly explained why the Play Store went down for some users yesterday.
  • A source also revealed that Meta’s outages resulted in more Google visitors, causing issues for Google as a result.

The Google Play Store briefly went down for some users yesterday, leaving them unable to browse or download apps. This also came during a Facebook and Instagram outage. Now, Google has revealed what happened.

5 things the Google Play Store desperately needs to improve

One of the most vital apps on our Android devices is the Google Play Store. It's the beating heart of the Android ecosystem that serves as an open marketplace for applications and games, both good and bad. So you would think that such an important service would be kept in good standing with its users and developers, keeping devs and users happy and engaged, which makes the Play Store's decline even more glaring. Google has let the service slip into too many bad habits, from a lack of quality control to aggressive use of ads, making the user experience a nightmare as a result.

Photomath: Google’s latest app on the Play Store is an AI math solver

  • Google adds Photomath, a popular AI math-solving tool, to its app lineup.
  • Photomath lets users solve math problems by taking pictures of them.


Google’s latest app marks another step towards AI-powered productivity tools becoming commonplace. This app aims to help users solve difficult math problems.

Photomath, a popular math-solving app, was acquired by Google in May 2022. The acquisition was finalized last summer after regulatory approval. First spotted by 9to5Google, Photomath has now transitioned to Google’s publisher account on both the Play Store and Apple’s App Stores for iOS/iPadOS this week.

Originally launched in Croatia in 2014, Photomath has garnered over 100 million downloads and boasts a 4.5-star rating on the Play Store and a 4.8-star rating on the App Store. The app empowers users to solve a wide range of mathematical problems, from elementary math to calculus, simply by taking a picture of the equation or word problem. It provides step-by-step explanations, making it a valuable tool for students and learners of all ages.

Photomath AI Math solver

Credit: Photomath

Photomath’s popularity stems from its speed, accuracy, and user base, and it seems to be one of the most successful apps in its category globally. There is also a “Photomath Plus” subscription option that costs $9.99 per month or $69.99 annually. This subscription unlocks extra features like textbook solutions, animated tutorials, and in-depth explanations.

What’s in it for Google?

You may have noticed, or even used, the “Homework” filter on Google Lens for solving problems. Google Search also offers dedicated support for complex math topics. Photomath’s acquisition could signify Google’s plans to strengthen its AI capabilities further across its products. Photomath’s AI — adept at recognizing text, solving problems, and interpreting results — could be integrated into Google’s existing products like Lens and Search, enhancing their text recognition and problem-solving functionalities.

As the AI assistant wars heat up, Google will leave no stone unturned to outpace Microsoft’s leading AI product, ChatGPT. Photomath’s specialized math AI, coupled with Google’s own AI endeavors like Gemini, holds the potential to create a truly do-it-all AI assistant.

Google Play Store tests AI feature that cuts through app description fluff

  • Google appears to be testing a new AI-powered feature in the Play Store called “App Highlights.”
  • The feature briefly summarizes the key points of an app that you can view at a glance.
  • App Highlights is only available to selected users.


As Google continues to find ways to put AI into everything it does, it’s a little surprising we haven’t seen more AI features in the Play Store. But that could soon change as Google appears to be testing a new AI-powered summary feature in the marketplace.

According to Android expert AssembleDebug on X (formerly Twitter), Google is in the midst of testing an AI feature called “App Highlights.” It appears the purpose of App Highlights is to highlight key aspects of an app to provide a quick summary of what it is about.

Since this feature is being tested in a server-side rollout, only select users are being given access to it. If you’re one of the users who was selected, you’ll see the feature on the details page of whatever app you tap on, right below the install button.

Google Play Store testing AI based App Highlights features

This new addition – App Highlights using AI provides users the highlights of the app on the details page. This is similar to the AI based FAQ’s feature which I shared about back in January. #Google #Ai #Android pic.twitter.com/77RuyT41Mi

— AssembleDebug (@AssembleDebug) February 19, 2024

Earlier this year, Google tested a similar AI-powered FAQ section in the Play Store. However, that FAQ feature was located near the bottom of the details page and offered lengthy descriptions.

It’s clear that Google believes it can use AI to give you the information you need before downloading an app. We’ll have to wait and see if Google decides to make either of these AI tools available to everyone.
