Bug Bounties

UpHabit

Powered by: 

Allows bounty splitting: 

Average time to first program response: 

Average time to bounty awarded: 

Average time to report resolved: 

Handle: uphabit

Managed program: false

Name: UpHabit

Offers bounties: false

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/uphabit

Website: https://uphabit.com

In scope:

  • Asset identifier: 1335632832
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: iOS Application. Reported issues must be reproducible on a phone that is not jailbroken or modified.
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: api.uphabit.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Client API. This is the main client API that devices communicate with.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: com.uphabit.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Android Application. Reported issues must be reproducible on a phone that is not rooted or modified and where the Google Attestation API returns true for both `ctsProfileMatch` and `basicIntegrity`.
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: web.uphabit.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Web App
  • Integrity requirements: 
  • Max severity: critical