Hoping to attract more researchers and engineers to the bug bounty programme, US-based internet search firm, Google Corp. according to media report has increased its bounty to USD$200,000. This follows after a malware called Judy hit over 36.5 million Android-based phones, hence prompting the search firm to increase the bounty for finding a bug in Android Operating System (OS).
Judy is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
According to Check Point, dozens of malicious apps were downloaded between 4.5 million to 18.5 million times from the Play Store. Some of the malware-affected apps have been discovered residing on the online store for several years.
Most security flaws we hear about now affect old builds of the OS or require clever social engineering to get the user to weaken device security, ExtremeTech reported on Friday.
The versions of Android being released now are more secure than what Google was putting out years ago and as a result no one has managed to claim Google’s largest bug bounties for Android.
Notably, Google started the bug bounty programme for Android about two years ago in which the security researchers, who demonstrate an exploit, get a cash prize — the amount of which varies based on the severity of the hack. Then, Google gets to fix the bug and avoid future security issues.
