JNJ Mobile welcomes working with the security community to resolve security vulnerabilities in order to keep our customers safe. We will make a best effort to respond to incoming reports and keep you informed about our progress toward resolving any issues.

Vulnerability Disclosure

• If you have identified a potential security vulnerability in our technology, please submit us a detailed report with reproducible steps.

• Follow HackerOne's disclosure guidelines.

• Social engineering (e.g. phishing, vishing, smishing) is prohibited.

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Rewards

• We do not offer a bug bounty at this time, but certain vulnerabilities with a working proof of concept on some of our Android mobile app(s) may qualify for a bounty through the Google Play Security Rewards Program. To see which apps and vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s Scope and Vulnerability Criteria.