Program

Simeji

Total Reports 15

Total Valid Reports 9

  • Program
    Simeji
    Report Submission Period
    2016/03/02 〜 2016/05/30
    Total Bounties
    ¥1,500,000
    Bounty Range
    ¥10,000 〜 ¥300,000
    Rules
    Only test for vulnerabilities in the applications stipulated in the Scope section. Vulnerabilities reported in out-of-scope applications are not eligible for bounty rewards. Vulnerability testing against out-of-scope domains is explicitly prohibited.

    Any violation of the Terms of Service of “BugBounty.jp”, and any DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service, are also explicitly prohibited.

    The vulnerability scope of this program is limited. Please note that reports of vulnerabilities not listed here are not eligible for bounty rewards. For more details, please refer to the “Bounty Payments”
    Scope
    The following applications are in-scope for this program.

    Simeji - Japanese Keyboard with Emoticons

    Simeji
    ・iOS
     https://itunes.apple.com/jp/app/id899997582?mt=8
    ・Android
     https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
     For Android, bounty rewards apply from version 10.0.3.

    Simeji Pro (Limited to iOS)
     https://itunes.apple.com/jp/app/id959791915?mt=8

    ※1 Tests against the servers that the application connects to are explicitly excluded from this program.
    ※2 The desktop version, Simeji for Windows (β), is out of scope.
    Eligible For Bounty
    The following vulnerabilities are eligible to receive bounty reward.

    1. Smartphone hijacking
     Hijack: the ability to place calls, send SMS or email, activate the camera, spy through the camera, or eavesdrop, contrary to the user's intention.

    2. Unauthorized access (the ability to gain access to information without permission)
     : Information submitted when applying for Android / At the privacy setting on iOS
      (Ability to gain device information regardless of the permissions the user has granted under Settings > Privacy)
     : Ability to gain access to information that the user has not allowed to be sent on Simeji.

    3. Use of “Moplus SDK”
     (1) The application contains the source code of “Moplus SDK”
     (2) Ability to execute “Moplus SDK” functions (if the application uses “Moplus SDK”)

    The following is the guideline bounty amount for in-scope vulnerabilities.
    〜 ¥300,000 per vulnerability

    4. Reports of vulnerabilities not listed above may be eligible for a bounty (¥10,000-)
    Not Eligible For Bounty
    No special mention
    Notes
    For eligibility details, please refer to the "Terms of Service Article 4" of this site.
    • paid for mage's report
      granted for mage's report
      2016/04/05 16:26

    • paid for kamikaze's report
      granted for kamikaze's report
      2016/03/29 16:21

    • paid for mage's report
      granted for mage's report
      2016/03/29 16:12

    • paid for mage's report
      granted for mage's report
      2016/03/29 16:07

    • paid for mage's report
      granted for mage's report
      2016/03/16 15:48

    • paid for mage's report
      granted for mage's report
      2016/03/16 15:46

    • paid for mage's report
      granted for mage's report
      2016/03/16 15:45

    • paid for mage's report
      granted for mage's report
      2016/03/14 13:53

    • paid for Paresh's report
      granted for Paresh's report
      2016/03/10 15:17