Headspace is participating in the Google Play Security Rewards Program. While we do not have a full disclosure program in place at this time, we are willing to accept reports that qualify for the Google Play Security Rewards Program, specifically what’s listed in our scope below.
For now, only Remote Code Execution vulnerabilities on our Android mobile app are in scope. The bug must work on Android 4.4 or later.
Any bug reports outside of this criteria will be closed out as Informative.
For more details on qualifying criteria, please see https://hackerone.com/googleplay.
Contact us if you want more information.