The popular Chinese video-sharing social networking service TikTok has launched this week a public bug bounty program through the HackerOne platform.
White hat hackers are invited to report security flaws in TikTok websites, including several subdomains, and both Android and iOS apps.
The company is offering between $1,700 and $6,900 for high-severity flaws, the payout for a critical issue can go up to $14,800.
“We encourage security researchers to focus their efforts on finding security vulnerabilities demonstrating meaningful impact. Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard).” reads the program description.
The idea to reward white hat hackers for reporting security flaws is not new for the Chinese firm that claimed to have already paid out more than $40,000 through its bug bounty program.
The company has had a Vulnerability Reporting Policy and follows a Coordinated Disclosure Policy with a waiting period of 90 days from submission.
“This partnership will help us to gain insight from the world’s top security researchers, academic scholars and independent experts to better uncover potential threats and make our security defenses even stronger,” said Luna Wu of TikTok’s Global Security Team.
President Trump is trying to ban TikTok in the United States due to security and privacy concerns. TikTok has denied any accusation of sharing data with the Beijing government. TikTok confirmed that all US user data is stored in the US, with a backup in Singapore.
TikTok challenged the decision in a US court and the judge blocked the President’s request to ban the Chinese company in the country.
The US Government is making pressure on TikTok’s parent firm Bytedance to sell its U.S. operations to an American company.
(SecurityAffairs – hacking, TikTok)