Information Security
A dangerous vulnerability has been found in a very popular mobile application. What to do?

Quite by accident, a dangerous vulnerability was discovered in the business logic of one very popular mobile application, which allows you to get the personal data and correspondence of any of its users. 100% self-tested (for research purposes only, subject to user consent). And, of course, precious time was spent on checking this vulnerability and developing an algorithm, as well as recommendations for eliminating it.

Are there legitimate ways to get a (not) modest reward for the work done and helping a popular service, given that the use of this vulnerability by the "bad guys" and the leakage of user data can cost the service 100.......000$ in losses?

Of course, I mean legal methods :)

2 answer(s)
CityCat4, 2021-02-25

"...and the leakage of user data can cost the service 100.......000$ in losses"

Maybe. But (you) better have someone else tell you about it, because most likely you will be accused of breaking in and stealing.
It is worth contacting them only if the service has a bug bounty program. If it does not, and the application is popular, it is better to stop using it, protect yourself and stay out of it, or else report it from a throwaway one-time email.
And as for the reward - this is what the classic writes, our Ivan Andreevich Krylov

