GROUP
PRODUCT
BUSINESS
LEGAL
SHAREit SRC Bounty Policy 1.0
2023-03-23 03:00:00

Basic principle

SHAREit looks forward to collect vulnerabilities from users and white hats to keep our business and customers secure. 

SHAREIt supports responsible vulnerability disclosure and processing. We promise to give bounty to every user who abides by the spirit of white hat, protects the interest of users and helps SHAREit improve the security quality. 

 

Scope of Assets 

The bounty policy applies to:

  • The latest versions of apps in the Google Play, including SHAREit,LIKEit,WATCHit.
  • Websites built by SHAREit , but do not include SHAREit internal applications or websites that only provide services to SHAREit employees.

 

Rewards

The risk of security and privacy vulnerability can be divided into four levels according to its harm: critical, high, medium and low.

 

Web vulnerability

APP vulnerability

Privacy vulnerability

Threat intelligence


Extra reward

If the vunerability has a significant impact, the reward will double.


Report requirements and special circumstances

If the same vulnerability is submitted to SHAREIt SRC, only the first reporter will be rewarded.

In the vulnerability report, you need to explain: the name, type, affected assets (APP, website, etc.), discovery process and exploitation evidence such as screenshot or video, repair suggestions of the vulnerability.

App vulnerability requires you to provide test model, APP version, package name and download source.

Please try your best to ensure the clarity and integrity of the report. For the experts whose report is the most clear, we will set up a separate reward. At the same time, please do not disclose and disseminate the details of the vulnerability before it is fixed.

 

Payment

SHAREit SRC only pay cash. When the reward amount is higher than $100, it can be withdrawn, otherwise it will be accumulated. Cash payments will be made by bank transfer through SHAREIt's account.

SHAREit SRC will conduct reward settlement for all effective vulnerabilities in the first week of each month, and pay cash within 30 days. If the first week of the month is legal holiday, the settlement time and the reward payment time will be postponed.

Some information must be provided by white hat experts, including Beneficiary Name、Account Number、SWIFT Code. Payment time may be affected by currency type, holiday, bank location and other factors, Thanks a lot for your understanding. Please provide correct personal information for the payment of reward. We promise that all PII is only used for reward payment purpose, and the security level is the same as SHAREIt customers PII.

 

Attention

Any objection to the vulnerability processing, please send an email to sec@ushareit.com.

SHAREit opposes and condemns all hacker acts that take vulnerability test as excuse to exploit security vulnerabilities to damage the interests of customers. We will investigate the legal responsibility for the above-mentioned activities.

SHAREit employees (including formal employees and outsourcing employees) cannot participate in the bounty.

The SHAREit SRC has the final right to interpret all the above terms.