From now on, Google is willing to pay up to $200,000 to white-hat hackers who uncover and report any data security vulnerabilities in Android, its mobile operating system.
In the past, there were a lot of those, especially in the older versions. However, the modern versions of Android are substantially more secure. Regardless of that, Google has not been able to uncover the largest bug in the software, which prompted them to increase the bug bounty reward to $200,000 in hopes this will attract more researchers and software engineers.
The announcement appeared a week after Judy, an Android malware, managed to infect over 36.5 million Android devices. It was discovered by CheckPoint, a data security research company. Supposedly, the malware was hidden in certain apps, and remained undetected since 2016. Of course, these apps have already been removed from the PlayStore.
In the past couple of years, various technology companies, including Microsoft, Apple, Google, and Facebook, have paid out millions of dollars to white-hat hackers participating in their bug bounty programs. A security researcher able to demonstrate an exploit is rewarded with a cash prize, and the exact sum depends on the severity of the vulnerability.
Since starting the Android bug bounty program two years ago, Google has increased the reward from $50,000 to $200,000. Industry experts are speculating that in the event that no one is able to demonstrate a working exploit for Android’s core components, Google will increase the bug bounty reward once again.