According to cyber security firm Check Point, dozens of malicious apps were downloaded between 4.5 million to 18.5 million times from the Play Store. It was noted that the malicious code was present hidden in some apps since April 2016, undetected by Google. Google has now removed the infected apps from the PlayStore. “Judy” is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers. Tech companies such as Apple, Facebook, Microsoft, and Google have paid out millions of dollars in bug bounty programs over the past few years. Google started the bug bounty program for Android about two years ago in which the security researchers, who demonstrate an exploit, get a cash prize — the amount of which varies based on the severity of the hack. Since then the reward value has been increased from $50,000 to up to $200,000. The increased reward applies to two bounties: one for vulnerabilities in TrustZone or Verified Boots, and the other for a remote Linux kernel exploit. Among them, TrustZone or Verified Boot is a matter of serious concern than the Linux exploit, as reported by Extreme Tech. TruztZone is chipset related technology, which ensures biometric data, DRM and boot settings are kept in a trusted secure environment. On the other Verified Boot is software related, to ensure the OS has not tampered with each time a device starts up. Google has increased the bounty for both TrustZone and Verified Boot from $50,000 to $200,000. It is speculated that Google will further increase the reward price if it again fails to get to a working exploit for Android’s core components.