I found a critical bug (allows me to dump the million of users information) on an android application that has more than 1 million downloads, I contacted the developers many times and doing that since 5 months they always leave me only a seen ! Like they don’t care !
Where I should report kind of bugs !?
Thanks for dropping a note here! First things first, if you could have a quick read through this (Establishing asset ownership in vulnerability reporting) and respond if there’s anything you tried that isn’t working and should be.
Aside from that, have you tried the Google or Android VRP? They’re usually pretty keen to here about third party issues when they are as widespread as you’re suggestion.
Here’s the link for the Android Play Security Reward Program: Google Play Security Reward Program – Application Security – Google
Thanks for your reply, as I said I tried everything I even was able to talk to them but they maybe still don’t know much about security and users privacy … That why I started looking for something else until I found this awesome community
I’ve just submit a report to google security team, hope they going to accept it.
I was rejected by google support they said I’m not allowed to scan any application in their store !