Total Reports: 15
Total Valid Reports: 9
Simeji


- Program
- Simeji
- Period
- 2016/03/02 〜 2016/05/30
- Total Bounties
- ¥1,500,000
- Bounty Range
- ¥10,000 ~ ¥300,000
- Rules
- Only test for vulnerabilities in the applications stipulated in the Scope section. Vulnerabilities reported in out-of-scope applications are not eligible for bounty rewards. Vulnerability testing against out-of-scope domains is explicitly prohibited.
Any violation of the Terms of Service of “BugBounty.jp”, and any DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service, are also explicitly prohibited.
The vulnerability scope of this program is limited. Please note that reports of vulnerabilities not listed here are not eligible for bounty rewards. For more details, please refer to “Bounty Payments”.
- Scope
-
The following applications are in-scope for this program.
Simeji - Japanese Keyboard with Emoticons
Simeji
・iOS
https://itunes.apple.com/jp/app/id899997582?mt=8
・Android
https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
For Android, bounty rewards are eligible from version 10.0.3.
Simeji Pro (Limited to iOS)
https://itunes.apple.com/jp/app/id959791915?mt=8
※1 Tests against servers that the applications connect to are explicitly excluded from this program.
※2 The desktop version, Simeji for Windows (β), is out of scope.
- Eligible For Bounty
-
The following vulnerabilities are eligible to receive bounty reward.
1. Hijack smartphone
Hijack: Ability to make calls, send SMS or email, activate the camera, spy through the camera, or eavesdrop against the intention of the user.
2. Unauthorized access (Ability to gain access to information without permission.)
: Information submitted when applying for Android / At the privacy setting on iOS
(Ability to gain device information regardless of the permissions the user has granted in Settings > Privacy)
: Ability to gain access to information that the user has not allowed to be sent on Simeji.
3. Use of “Moplus SDK”
(1) The application contains the source code of “Moplus SDK”
(2) Ability to execute “Moplus SDK” functions (if the application is using “Moplus SDK”)
The following is the guideline for the bounty amount for in-scope vulnerabilities.
〜 ¥300,000 per vulnerability
4. Reports of vulnerabilities not listed above may be eligible for the bounty (¥10,000-)
- Not Eligible For Bounty
- No special mention
- Notes
- For eligibility details, please refer to Article 4 of the Terms of Service of this site.
Bounty Reward History
-
2016/04/05 16:26
paid for mage's report
-
2016/03/29 16:21
paid for kamikaze's report
-
2016/03/29 16:12
paid for mage's report
-
2016/03/29 16:07
paid for mage's report
-
2016/03/16 15:48
paid for mage's report
-
2016/03/16 15:46
paid for mage's report
-
2016/03/16 15:45
paid for mage's report
-
2016/03/14 13:53
paid for mage's report
-
2016/03/10 15:17
paid for Paresh's report