Contact Us
Please complete the form below for better and faster service, and we will contact you shortly.
We thoroughly investigate all internally and externally reported security issues and provide advisories for any validated security vulnerabilities. These advisories help our customers and partners assess the potential impact and take the necessary steps.
If you encounter any security-related issues, incidents, or privacy concerns, we encourage you to report them. Please provide the details of the issue in the message section below.
Note: Fields marked with an asterisk (*) are mandatory.
Reporting a Vulnerability
In your report, please include:
- The product in question (product model, website, IP, or page where the vulnerability is present).
- A brief description of the vulnerability type, such as “XSS vulnerability.”
-
Steps to reproduce the vulnerability. These should be safe, non-destructive proof of concepts to ensure accurate and prompt triage. This also helps to prevent duplicate reports or malicious exploitation of vulnerabilities.
What to Expect
After submitting your report, we will acknowledge receipt within 5 working days and aim to triage your report within 15 working days. We will also keep you updated on our progress.
The priority for remediation is determined by the impact, severity, and complexity of the exploit. Please note that addressing vulnerability reports may take some time. You are welcome to inquire about the status, but we ask that you do so no more than once every 14 days to allow our teams to focus on remediation.
We will inform you when the reported vulnerability has been resolved, and you may be invited to verify that the solution adequately addresses the issue.
Once your reported vulnerability has been resolved, we welcome requests for public disclosure. We aim to provide unified guidance to affected users, so please coordinate any public releases with us.
Conduct Guidelines
You must NOT:
- Violate any applicable laws or regulations.
- Access excessive or unnecessary amounts of data. Modify data within AMobile's systems or services.
- Use invasive or destructive scanning tools.
- Attempt or report any form of denial-of-service attacks, such as overwhelming a service with high volumes of requests.
- Disrupt AMobile's services or systems.
- Submit reports of non-exploitable vulnerabilities or those indicating non-compliance with “best practice” guidelines, such as missing security headers.
You must:
- Adhere to data protection rules and not violate AMobile's Privacy Policy concerning users, staff, contractors, services, or systems. For example, do not share, redistribute, or improperly secure data retrieved from our systems or services.
- Securely delete all data retrieved during your research as soon as it is no longer needed, or within one month of the vulnerability being resolved, whichever comes first (or as required by data protection laws).
Legal Considerations
This policy aligns with common practices in vulnerability disclosure. It does not grant you permission to act in a manner inconsistent with the law or that could cause AMobile or its partners to breach any legal obligations.