Google has now increased the bounty for finding a bug in their Android operating system to as much as $200,000, according to reports.
Days after a malware attack called “Judy” hit and affected over 30 million Android phones, Google is stepping up their bounty program. Google started the bug bounty program for Android nearly two years ago. Ultimately, it centers around a simple premise, similar to other programs in the tech industry, the Android Security Rewards program pays people who find bugs in the Android operating software. Google uses that information to fix the bug and avoid potential exploits by malicious hackers.
So far, Google has paid security researchers more than $1.5 million since the program started. In an effort to attract more engineers and researchers to the program, Google has decided to increase the reward. The first reward is for remote kernel exploits, which could give unauthorized users the ability to hack and gain control of Android devices or steal an individual’s personal data. Google has increased the reward bounty for this type of bug from $30,000 to $150,000.
The second is for Trust Zone and Verified Boot bugs. Trust Zone is a system that ensures security software, biometric data, fingerprint scans and system settings are secure. Meanwhile, Verified Boot compromises ensure that the phone’s software has not been altered. Google has raised their reward for this type of bug from $50,000 to $200,000 in order to prevent hackers from exploiting two critical areas of the Android Operating Software.
According to cyber security firm Check Point, dozens of apps infected with malware were downloaded between 4.5 million to 18.5 million times from the Play Store. Some of the male-ware affected apps were reportedly living on the Google Play Store for several years. Moreover, “Judy” is just one type of malware and example of how an open mobile operating system can be exploited by hackers.