Unfortunately it does not work that way. They are meant to be vulnerabilities exploiting Android through the app, not backdoors in the app. It is meant to secure the Android OS, not to secure the app.
There's a separate program for bugs in the Android OS, this program did pay for finding bugs in the app to secure the app. Also the mitigation for people abusing the program is that they only pay for bugs in popular apps, it's unlikely for a major app dev to be backdooring their code just to try and scam this bounty program