Bug Bounties

Grindr

Powered by: 

Allows bounty splitting: 

Average time to first program response: 16

Average time to bounty awarded: 373

Average time to report resolved: 224

Handle grindr

Managed program: true

Name: Grindr

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/grindr

Website: https://www.grindr.com

In scope:

  • Asset identifier: *.dev.grindr.io
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Assets under *.dev.grindr.io are development and test systems; feel free to evaluate them, but severity levels will be reduced because we do not host customer data in these environments.
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: *.grindr.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain includes the following subdomains:
      • Website (grindr.com). Note that the Grindr website does not provide the services found in the mobile application, nor any sort of user login.
      • Forgot-password web UI (neo-account.grindr.com)
      • Chat server (chat.grindr.com, chat-internal.grindr.com). The chat server is written in Erlang/Elixir and makes use of the XMPP protocol with a few minor changes (a non-standard XML stanza for authentication) that break XMPP client compatibility. XMPP connections generally do a series of back-and-forth exchanges to negotiate a feature set, then perform authentication. Grindr mobile clients instead send a <session/> tag containing a signed JWT. Endpoint for connecting: wss://chat.grindr.com:2443/ws-xmpp.
      • ‘Presence’ server (presence.grindr.com). This service manages the availability notification of clients. Clients may view or subscribe to multiple rooms, and only subscribed clients should be able to view group broadcast messages. Clients know which other users are in the rooms to which they are subscribed.
      • CDN/media files (cdns.grindr.com). Exploits on the endpoints images/profile/* or images/chat/* are particularly interesting.
      • Gaymoji image index (gaymoji.grindr.com)
      • Captcha snippets (captcha-prod.grindr.com)
      • Admin webapp (admin.grindr.com)
      • Law Enforcement reporting webapp (reporting-portal.grindr.com)
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.grindr.io
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain is used for development purposes.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.grindr.mobi
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain is used for backend APIs. Issue an unauthenticated GET request to https://grindr.mobi/v3/bootstrap to get a list of service endpoints. The following endpoints are examples of the backend API endpoints on which to focus security research attention:
      • General:
          /v6/nonces
          /v4/domains/validation
          /v4/feature-configs
          /v4/links/ABC123
          /v3/bootstrap
          /v3/experiments
          /v3/health
          /v3/logging/mobile/logs
          /v3/status
          /v3/version
      • Account Creation, Logins and Passwords:
          /v3/sessions
          /v3/sessions/thirdparty
          /v6/users
          /v3/users/email
          /v3/users/forgot-password
          /v3/users/reset-password
          /v3/users/reset-password?request=true
          /v3/users/thirdparty
          /v3/users/thirdparty/exchange
          /v3/users/update-password
          /v4/sms/sessions
          /v4/sms/verifycode
          /v4/sms/users/update-password/sendcode
          /v4/sms/users/update-password
          /v4/sms/verification/500/sendcode
          /v4/sms/verification/{{profileId}}/verifycode
      • Profiles:
          /v5/favorites
          /v4/hashtags/valid
          /v4/hashtags/recommend
          /v4/me/blocks?page=1
          /v4/me/muted-profiles
          /v4/me/profile/
          /v4/profiles/{{myProfileId}}
          /v4/profiles/reachable
          /v4/profiles/status
          /v4/profiles/supportedFeatures/{{myProfileId}}
          /v4/profile-tags/categories
          /v3.1/blockby
          /v3.1/blockby/1001210
          /v3.1/me/blocks
          /v3.1/me/profile
          /v3/me/blocks/1001210
          /v3/me/favorites/3
          /v3/me/legal-agreements
          /v3/me/profile
          /v3/me/prefs
          /v3/me/prefs/phrases
          /v3/me/prefs/phrases/bfc44381-c215-35f7-874a-ae512360836a
          /v3/me/prefs/settings
          /v3/me/subscriptions
          /v3/me/subscriptions?platform=android
          /v3/me/subscriptions?status=nonexpired
          /v3/profiles
      • Location:
          /v3/me/location/
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&favorite=true
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&bodyTypeIds=2,1
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&previouslyOnline=true
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=moreguysoffer
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=newfreeuser
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&cascadeType=REMOTE
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance=0
          {{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance={{searchAfterDistance}}&searchAfterProfileId={{searchAfterProfileId}}
          {{host_nearby_profiles}}/v5/profiles/nearby?pageNumber=1
          {{host_nearby_profiles}}/v5/profiles/unlimited?searchAfterDistance=0
          {{host_nearby_profiles}}/v6/profiles/fresh?pageNumber=1
          /v3/places/search?placeName=newyork&limit=3
      • Chat:
          /v5/me/vendor-token
          /v5/rewarded-chats
          /v4/audio-call
          /v4/audio-call/join
          /v4/audio-call/renew
          /v4/audio-call/leave
          /v4/pics/expiring/status
          /v4/pics/expiring
          /v4/phrases/frequency/phraseId=63db06c8-9915-3279-b07c-1fd925013acc
          /v4/recognition/face
          /v4/recognition/chat
          /v4/views
          /v4/views/54986486
          /v3.1/chat/backup
          /v3.1/flags/112788
          /v3.1/groupchat/canbeinvited
          /v3.1/groupchat/caninvite/44906526
          /v3.1/groupchat/invitation-link-code/22345
          /v3.1/me/push-conversations/908f72c2d4aea3998a3400c9ad539768
          /v3/ad-colony/transactions?amount=4&uid=2&zone=3&id=1&verifier=10&udid=7&odin1=8&open_udid=6&mac_sha1=9&custom_id=49645&currency=5
          /v3/mopub/transactions?ad_revenue=4.0&ad_unit_id=2&advertising_id=3&id=1&currency_type=10&currency_value=7&customer_id=8&id=6&placement_id=9&timestamp=49645&verifier=5
          /v3/video-call
          /v3/video-call/12345
          {{host_chat_http}}/v3/me/chat/messages?undelivered=true
          {{host_chat_http}}/v3/me/chat/messages?undelivered=true&receipts=true
          {{host_chat_http}}/v3/me/chat/messages?confirmed=true
          {{host_chat_http}}/v3/msgstore?limit=10&from=0
          {{host_chat_http}}/v3/msgstore?msgid=messageId
          {{host_chat_http}}/v3/msgstore/delete
          {{host_chat_http}}/v3/messages/83a833be210bfe8de60e8e4a7bfe1339?limit=10&from=0
          {{host_chat_http}}/v3/groupchats
          {{host_chat_http}}/v3/groupchats/0835caae4ce92ef1220043a27b0a1b03
          {{host_chat_http}}/v3/groupchats/12335
          {{host_chat_http}}/v3/groupchats/12335/112233
          {{host_chat_http}}/v3/groupchats/all
          {{host_chat_http}}/v3/groupchats/all/12335678/2222
          {{host_gaymoji}}/grindr/chat/gaymoji
      • CDN/Media:
          /v4/videos/expiring
          /v4/videos/expiring/status
          {{host_cdn}}/grindr/chat/{{chatImageHash}}
          {{host_cdn}}/grindr/chat-audio/{{audioHash}}
          {{host_cdn}}/images/profile/1024x1024/{{profileImageHash}}
          {{host_media}}/v4/videos
          {{host_media}}/v3.1/me/profile/images
          {{host_media}}/v3/me/audio
          {{host_media}}/v3/me/audio/{{audioHash}}
          {{host_media}}/v3/me/pics?type=chat
          {{host_media}}/v3/me/profile/images
          {{host_media}}/v3/me/profile/images?thumbCoords=300,20,260,20
      • Store:
          /v4/consumables
          /v4/consumables/BOOST
          /v4/consumables/boost/report
          /v4/store/products
          /v4/store/products/consumables
          /v4/store/products/com.grindr.productId
          /v4/store/status
          /v3.1/store/grindrstore/coupons
          /v3.1/store/itunes/purchases
          /v3.1/store/itunes/purchases/restorations
          /v3.1/store/googleplay/purchases
          /v3.1/store/googleplay/purchases/restorations
          /v3.1/store/itunes/events
          /v3.1/store/products/com.grindr.product
          /v3/stripe/events
      • Push/Data:
          /v4/push-settings
          {{host_client_event}}/v3/logging/mobile/logs
          {{host_data_requests}}/v1/access-requests
          {{host_data_requests}}/v1/access-requests/codes
          {{host_data_requests}}/v1/access-requests/confirmations
          {{host_push}}/v3/ios-push-tokens
          {{host_push}}/v3/gcm-push-tokens
          {{host_push}}/v3/push-tokens/000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1aaa
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 319881193
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Vulnerabilities that require physical access to, or a jailbroken or rooted OS on, another user's device will typically be considered out of scope.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: com.grindrapp.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Vulnerabilities that require physical access to, or a jailbroken or rooted OS on, another user's device will typically be considered out of scope.
  • Integrity requirements: medium
  • Max severity: critical