BugBounty.jp

Program

Total Reports:15
Total Valid Reports:9

Simeji

  Bounty Point
Program
Simeji
Program Logo
Program Logo
Period
2016/03/02 〜 2016/05/30
Total Bounties
¥1,500,000
Bounty Range
¥10,000¥300,000
Rules
Only test for vulnerabilities on application stipulated in scope section. Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards. Any vulnerability test against domains out-of-scope are explicitly prohibited.

Any violation of the Terms of Service of the “BugBounty.jp”, and/or performance of DoS (Denial of Service)attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.

The vulnerability scope of this program is limited. Please note that reports of vulnerabilities not listed here are not eligible for bounty rewards. For more details, please refer to the “Bounty Payments”
Scope
The following applications are in-scope for this program.

Simeji - Japanese Keyboard with Emoticons

Simeji
・iOS
 https://itunes.apple.com/jp/app/id899997582?mt=8
・Android
 https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
 As for the Android, bounty rewards will be eligible from version 10.0.3.

Simeji Pro (Limited to iOS)
 https://itunes.apple.com/jp/app/id959791915?mt=8

※1 Test against server that connect application are explicitly excluded from this program.
※2 Desktop version of the Simeji for Windows(β)are out-of-scope.
Eligible
For Bounty
The following vulnerabilities are eligible to receive bounty reward.

1. Hijack smartphone
 Hijack: Ability to call or send SMS, email, activate camera, spy camera, or eavesdropping despite the intention of the user.

2. Unauthorized access (Ability to gain access to information without permission.)
 : Information submitted when applying for Android / At the privacy setting on iOS
  (Ability to gain device information despite what user have granted permission on the Settings>Privacy)
 : Ability to gain access to information that user haven’t allowed to be sent on Simeji. 

3. Use of “Moplus SDK”
 (1) Application contain the source code of “Moplus SDK”
 (2) Ability to execute “Moplus SDK” functions (If application are using “Moplus SDK”)

The following guidelines the bounty amount for in-scope vulnerabilities.
〜 ¥300,000 per vulnerability

4. Report of vulnerabilities not listed above may be eligible for the bounty (¥10,000-)
Not Eligible
For Bounty
No special mention
Notes
For eligibility details, please refer to the "Terms of Service Article 4" of this site.
Not accepting reports

Bounty Reward History

  • 2016/04/05 16:26

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/29 16:21

    paid for kamikaze 's report

    報奨金 ポイント
  • 2016/03/29 16:12

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/29 16:07

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/16 15:48

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/16 15:46

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/16 15:45

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/14 13:53

    paid for mage 's report

    報奨金 ポイント
  • 2016/03/10 15:17

    paid for Paresh 's report

    報奨金 ポイント
Not accepting reports

Baidu Japan

Available Program:
0
Closed Program:
2
Bounties Range:
¥ 5,000¥ 300,000
Reward Type:
Bounty Point

Top Hackers

ALL RANKING