Answer the question
In order to leave comments, you need to log in
What will be the publication of a vulnerability/bug to the public?
Let's say I found a way to bypass the data transfer rate limit after the TELE2 operator has reached the traffic limit. If I release an application for android (requires root access) and start promoting it / receiving money from advertising, what are the scenarios?
I assume the following:
- Elimination of a bug / vulnerability on the part of the operator, and forgot about it
- Search for the creator of the application to punish him / initiate a criminal case
- Search for the creator of the application to encourage / hire him
Answer the question
In order to leave comments, you need to log in
Usually done like this, a bug hunter finds a vulnerability, studies it. Then he notifies those in whose structure this vulnerability is located, waits for some time, if there is no progress to eliminate the vulnerability - publishes an article on a thematic resource, uses vulnerabilities, scores on this matter - everything is within his imagination.
However, there is responsibility for actions. If the communication contract contains clauses on abnormal actions regarding communication services, then they can do it for it. The best profit in the first place is the compilation of articles, gaining experience and fame as a specialist, and only then the benefit received from oversights.
- Search for the creator of the application to punish him / initiate a criminal case
If the agreement prohibits the use of this, but due to some error it is technically possible, then making a significant profit from this bug or writing a program to exploit it for personal gain is already a criminal offense under Russian law.
There is a way to beautifully resolve the situation. To do this, you need to compose a competent disclaimer, add it to the license from above , add it to the description on Makret (or any site where the publication takes place) from above , even if this somewhat contradicts the marketing approach, and add a pop-up window with this text in large size to the application itself font so that the window cannot be closed earlier than after N (let's say N = 5) seconds and so that the application functionality becomes available only after the user clicks on the "I accept the terms" button.
In the disclaimer itself, indicate that the user is personally fully responsible for any consequences of using this software and possible damage to a third party ... In general, google "as is, disclaimer" and translate.
The provider itself, of course, will not stop trying to put pressure on you and on the sites that host your software by any means. Be prepared that your application will crash from the Market very quickly. But if you arrange everything correctly and do not use your own software yourself;) then, according to the law, you will actually have nothing to show. Although attempts are possible on their part, but basically it is just intimidation.
If you decide to do this, then you better improve your legal literacy or find a person who is well versed in these issues.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question