ГлавнаяЦеныЧто такое eSIMПомощь
InstagramInstagramXXTelegramTelegram
Terms and ConditionsPrivacy PolicyComplaints PolicyBug Bounty Program

TonMobile Bug Bounty Program

Intermob Limited · trading as TonMobile

1. About the Program

TonMobile, the largest mini-app on Telegram for selling eSIMs, invites security specialists to participate in our Bug Bounty program. The goal of the program is to identify and address potential vulnerabilities to protect data and ensure the security of our clients.

2. Participation Rules

  • Participants must comply with all requirements and rules of the Telegram platform and applicable laws.
  • Any attempts to gain unauthorized access to user data, as well as destructive testing (e.g., DDoS attacks), are prohibited.
  • Participants are required to report only those vulnerabilities that affect the TonMobile platform without disrupting the service.

3. Vulnerability Categories

We accept reports on the following types of vulnerabilities:

  • Authentication and Authorization Vulnerabilities: vulnerabilities that allow access to other users' accounts or data.
  • Financial Impact Vulnerabilities: any bugs that may lead to financial losses, including bypassing the payment system or improper use of internal balances and bonus systems.
  • Data Security Vulnerabilities: issues that could lead to the leakage of users' personal information.
  • Vulnerabilities in Partner Platform Integrations: potential issues that may affect functionality or data security when interacting with partner services.

4. Reward Levels

  • Critical Vulnerabilities (e.g., full access to user data, bypassing payment systems): up to $1000.
  • High Risk (e.g., access to private data, manipulation of internal balances): up to $500.
  • Medium Risk (e.g., vulnerabilities affecting app functionality): up to $250.
  • Low Risk (e.g., less critical interface issues): up to $100.

All rewards will be paid after our team confirms the vulnerability.

5. How to Submit a Report

  • Describe the vulnerability in as much detail as possible, including steps to reproduce it.
  • Specify the impact of the vulnerability and potential risks.
  • Attach screenshots, videos, or other materials that will help our team understand and reproduce the issue.
  • Submit your report via pa@tonmobile.com or @MobileSuppBot.

6. Additional Terms

  • We reserve the right to determine the validity of vulnerabilities and the eligibility for rewards.
  • Participants who identify vulnerabilities and follow the rules will not face legal actions if they act within the program's guidelines.
  • TonMobile reserves the right to change the terms of the program at any time.

7. Exclusions

The Bug Bounty program does not cover:

  • UI/UX issues without significant impact on security.
  • Vulnerabilities found on third-party platforms that are not integrated with TonMobile.
  • Functionality that does not affect data security or integrity.

8. Contact

If you have questions about the program or the report submission process, please contact us via email at pa@tonmobile.com.