Only test for vulnerabilities on application stipulated in scope section. Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards. Any vulnerability test against domains out-of-scope are explicitly prohibited.
Any violation of the Terms of Service of the “BugBounty.jp”, and/or performance of DoS （Denial of Service）attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.
The vulnerability scope of this program is limited. Please note that reports of vulnerabilities not listed here are not eligible for bounty rewards. For more details, please refer to the “Bounty Payments”
The following applications are in-scope for this program.
Simeji - Japanese Keyboard with Emoticons
As for the Android, bounty rewards will be eligible from version 10.0.3.
Simeji Pro (Limited to iOS)
※1 Test against server that connect application are explicitly excluded from
※2 Desktop version of the Simeji for Windows（β）are out-of-scope.
The following vulnerabilities are eligible to receive bounty reward.
1. Hijack smartphone
Hijack: Ability to call or send SMS, email, activate camera, spy camera, or eavesdropping despite the intention of the user.
2. Unauthorized access (Ability to gain access to information without
: Information submitted when applying for Android / At the privacy setting on iOS
(Ability to gain device information despite what user have granted permission on the Settings>Privacy)
: Ability to gain access to information that user haven’t allowed to be sent on Simeji.
3. Use of “Moplus SDK”
(1) Application contain the source code of “Moplus SDK”
(2) Ability to execute “Moplus SDK” functions (If application are using “Moplus SDK”)
The following guidelines the bounty amount for in-scope vulnerabilities.
〜 ¥300,000 per vulnerability
4. Report of vulnerabilities not listed above may be eligible for the bounty (¥10,000-)
No special mention
For eligibility details, please refer to the "Terms of Service Article 4" of this site.
|Scope Type||Scope Name|
The progam has been crawled by Firebounty on 2018-04-11 and updated on 2019-09-26, 15 reports have been received so far.