Days after a malware called “Judy” hit over 36.5 million Android-based phones, Google has now increased the bounty for finding a bug in Android OS to as much as $2,00,000, a media report has said.
According to cyber security firm Check Point, dozens of malicious apps were downloaded between 4.5 million to 18.5 million times from the Play Store. Some of the malware-affected apps have been discovered residing on the online store for several years.
“Judy” is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
Most security flaws we hear about now affect old builds of the OS or require clever social engineering to get the user to weaken device security, technology website extremetech.com reported on Friday.
The versions of Android being released now are more secure than what Google was putting out years ago and as a result no one has managed to claim Google’s largest bug bounties for Android.
Hoping to attract more researchers and engineers to the bug bounty programme, the company has increased the rewards to up to $2,00,000.
Google started the bug bounty programme for Android about two years ago in which the security researchers, who demonstrate an exploit, get a cash prize — the amount of which varies based on the severity of the hack.
Then, Google gets to fix the bug and avoid future security issues. Still, no one has submitted a working exploit for Android’s core components, even when such an exploit is worth $30,000-$50,000, the report said.