Days after a malware called “Judy” hit over 36.5 million Android-based phones, Google has now increased the bounty for finding a bug in Android OS to as much as $2,00,000, a media report has said.
According to cyber security firm Check Point, dozens of malicious apps were downloaded between 4.5 million to 18.5 million times from the Play Store. Some of the malware-affected apps have been discovered residing on the online store for several years. “Judy” is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
Most security flaws we hear about now affect old builds of the OS or require clever social engineering to get the user to weaken device security, technology website extremetech.com reported on Friday. The versions of Android being released now are more secure than what Google was putting out years ago and as a result no one has managed to claim Google’s largest bug bounties for Android.
Hoping to attract more researchers and engineers to the bug bounty programme, the company has increased the rewards to up to $2,00,000.Google started the bug bounty programme for Android about two years ago in which the security researchers, who demonstrate an exploit, get a cash prize — the amount of which varies based on the severity of the hack.
Then, Google gets to fix the bug and avoid future security issues. Still, no one has submitted a working exploit for Android’s core components, even when such an exploit is worth $30,000-$50,000, the report said.
Source: https://indianexpress.com/article/technology/tech-news-technology/google-will-pay-upto-200000-for-finding-a-bug-in-android-os-4687639/
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.