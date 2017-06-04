It was then limited to the Nexus 6 phone and Nexus 9 tablet, the only devices which run Google’s stock-version Android.

Therefore, Google increased the bug bounty to $200,000 days after reports surfaced that a malware called “Judy” has hit over 36.5 million Android phones, making the devices vulnerable to illegal access.

The Android owner revealed the list in a blog post where the company announced it was bumping up the top tier of its Android Security Rewards program.

Do you know that you can get paid for finding security issues in Android?

A remote exploit chain or exploit leading to TrustZone or Verified Boot compromise will be quadrupled to $200,000, while a remote kernel exploit quintuples to $150,000.

On average, the company paid $2,150 per successful bug report and $10,209 per researcher. Google was previously paying $30,000 for this type of bug report.

The second is for Trust Zone and Verified Boot bugs. Apparently, no researchers have claimed the top reward for an exploit chain in two years.

According to cyber security firm Check Point, dozens of malicious apps were downloaded between 4.5 million to 18.5 million times from the Play Store.

Check Point went on to say that the actual spread of the apps is still not known as they have been residing on Play Store for years undetected. Moreover, “Judy” is just one type of malware and example of how an open mobile operating system can be exploited by hackers.