Bugs Bounty Programme

Security is a crucial part of our daily work at GenioPay. We continuously keep customer information safe and secure. At the same time, we understand the important role of security researchers. If you find anything disturbing or vulnerabe, please notify us using the below guidelines.

laptop

Eligibility

In order to be eligible for an GenioPay Security Bounty, the issue must occur on the latest publicly available versions of GenioPay mobile app with a standard configuration and, where relevant, on the latest publicly available hardware or the Security Research Device. These eligibility rules are meant to protect customers until an update is available, ensure GenioPay can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:

  • Be the first party to report the issue to GenioPay Product Security.
  • Provide a clear report, which includes a working exploit (detailed below).
  • Not disclose the issue publicly before GenioPay releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue). See terms and conditions.

Issues that are unknown to GenioPay and are unique to designated developer betas and public betas, including regressions, can result in a 50% bonus payment. Qualifying issues include:

  • Security issues introduced in certain designated developer beta or public beta releases, as noted in their release notes. Not all developer or public betas are eligible for this additional bonus.
  • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in certain designated developer beta or public beta release, as noted in their release notes.

Bounty Categories

Bounty payments are determined by the level of access or execution achieved by the reported issue, modified by the quality of the report. A maximum amount is set for each category. The exact payment amounts are determined after review by GenioPay. All security issues with significant impact to users will be considered for GenioPay Security Bounty payment, even if they do not fit the published bounty categories. GenioPay Security Bounty payments are at GenioPay’s discretion.

TopicMaximum Payout

Network attack with user interaction

One-click unauthorized access to sensitive data**

One-click kernel code execution

$100,000

$150,000

Network attack without user interaction

Zero-click radio to kernel with physical proximity

Zero-click unauthorized access to sensitive data**

Zero-click kernel code execution with persistence and kernel PAC bypass

$100,000

$150,000

$150,000

Network attack with user interaction

One-click unauthorized access to sensitive data**

One-click kernel code execution

$100,000

$150,000

Network attack without user interaction

Zero-click radio to kernel with physical proximity

Zero-click unauthorized access to sensitive data**

Zero-click kernel code execution with persistence and kernel PAC bypass

$100,000

$150,000

$150,000

Report and Payout Guidelines

The goal of the Apple Security Bounty is to protect customers through understanding both vulnerabilities and their exploitation techniques. Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount. Reports lacking necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all.

A complete report includes:
  • A detailed description of the issues being reported.
  • Any prerequisites and steps to get the system to an impacted state.
  • A reasonably reliable exploit for the issue being reported.
  • Enough information for Apple to be able to reasonably reproduce the issue.
Maximizing Your Payout

To maximize your payout, keep in mind that Apple is particularly interested in issues that:

  • Affect multiple platforms.
  • Impact the latest publicly available hardware and software.
  • Are unique to newly added features or code in designated developer betas or public betas, including regressions, as noted on this page when available.
  • Impact sensitive components.
  • Are novel.
Additional Requirements

In addition to a complete report, issues that require the execution of multiple exploits, as well as one-click and zero-click issues, require a full chain for maximum payout. The chain and report must include:

  • Both compiled and source versions.
  • Everything needed to execute the chain.
  • A sample non-destructive payload, if needed.
Sending Your Report

Send your report by email to security[@]geniopay.com. Whenever possible, encrypt all communications with the GenioPay Product Security PGP Key. Include all relevant videos, crash logs, and system diagnosis reports in your email

TERMS AND CONDITIONS

Read the legal requirements for the GenioPay Bounty Program.

Learn more

No hidden fees,
we plant trees

Money does not grow on trees but it can plant them. As a sustainable company,
we believe we can change the fortunes of our planet, one transaction at a time. The time is now! #GreenFinance

How it works
  • 20MTrees to be planted
  • 435MKg CO2 Offset

Like a real bank, but better

One Account, Many possibilities

Learn more

Help & Support

Legal

Learn more

#
#

Follow us

  • https://fb.me/geniopayhq
  • https://linkedin.com/company/geniopay
  • https://twitter.com/geniopayhq
  • https://www.youtube.com/channel/UCdJMkR5ayt4VDgaTcxVSgNg
  • https://instagram.com/geniopay
##

GenioPay Ltd.
Kemp House, 160 City Road, London, EC1V 2NX
Company No.: 12976922
ICO No.: ZB151097
MSB Reg.: M22437094
CRA No.: 730806007RC0001
LEI: 984500DWDDC1RHC78B18

GenioPay Ltd (Registration No. 12976922) trading as GenioPay is incorporated in the U.K is authorised by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a Money service company (Registration No M22437094). Registered address: Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX. We are registered with the UK’s data protection regulator (The Information Commissioner’s Office or “ICO”) as a Controller of personal data under number ZB151097.
GenioPay (CA) Inc. is a limited liability company incorporated in Canada under Corporation Number 1397518-5.
GenioPay (US) Inc. with its registered address: 651 N Broad St. Suite 201, Middletown, Delaware, United States, is a limited liability company incorporated in the United States.
GenioPay OÜ is a limited liability company incorporated in the Republic of Estonia under Registration Number 16294084 with its legal address being at Harjumaa, Tallinn linn, Sakala tn 7-2, 10141, Estonia. GenioPay Limited, GenioPay OÜ, GenioPay Inc. and are hereinafter jointly and separately referred to as "We" or “Us”.