Updates to JumboPrivacy
We have exciting news for Jumbo Privacy!
There have been updates to the JumboPrivacy targets as of May 18, 2020. This update brings about the following changes with links to relevant resources:
- Jumbo will not consider escalating to a paid-tier via a method which requires advanced interaction with the app (decompiling, repackaging, etc, especially if physical access to the device is required) eligible for rewards.
- Jumbo will not consider the mere finding of API endpoints which can be consumed without payment authorization (even if the feature which makes use of this API endpoint in the app requires payment,) eligible for rewards.
- Jumbo will consider vulnerabilities that impact payment authorization remotely. Especially if it can be deployed on behalf of more than one user (e.g. if you find a vulnerability that would give everyone access to paid features without paying with minimal user interaction.)
As always, please be sure to review the program brief in detail, and if you have any questions, please reach out email@example.com.