Alphabet’s Google will start paying hackers up to $200,000 who report vulnerabilities in its mobile operating system Android.
Android is known for its poor security issues, especially with the older versions of the OS. Although, the latest build of Android are vastly secure than what Google was putting out on smartphones years ago, it still has not managed to found the largest bug on the software. As a result, the company has increased the reward value of its “bug bounty” program to as much as $200,000, hoping to attract more software engineers and researcher.
The announcement of increasing the reward value comes a week after a malware called “Judy” hit over 36.5 million of Android users. The malware was discovered by a security research firm CheckPoint. According to the security firm, the malware infected over 41 apps available at the Google PlayStore. It was noted that the malicious code was present hidden in some apps since April 2016, undetected by Google. Google has now removed the infected apps from the PlayStore.
Technology companies such as Apple, Facebook, Microsoft and Google have paid out millions of dollars in bug bounty programs over the past few years. Under the program, security researcher who can demonstrate an exploit takes away a cash prize, the amount of which varies based on the severity of the hack.
Google started the bug bounty program for Android about two years ago, since then the reward value has been increased from $50,000 to up to $200,000.
The increased reward applies to two bounties: one for vulnerabilities in TrustZone or Verified Boots, and the other for a remote Linux kernel exploit. Among them, TrustZone or Verified Boot is a matter of serious concern than the Linux exploit, reported Extreme Tech. TruztZone is chipset related technology, which ensures biometric data, DRM and boot settings are kept in a trusted secure environment. On the other Verified Boot is software related, to ensure the OS has not been tampered with each time a device starts up. Google has increased the bounty for both TrustZone and Verified Boot from $50,000 to $200,000.
It is speculated that Google will further increase the reward price if it again fails to get to a working exploit for Android’s core components.