GitHub for mobile

Synopsis

Bring GitHub collaboration tools to your small screens with GitHub for mobile.

Focus areas

• Authentication and credential handling
• Mobile specific APIs
• Any protocol handlers, such as github://

Out of scope

• Push notifications are handled by a third-party system and are not in-scope for the GitHub bounty program.

Ineligible submissions

OAuth client ID and secret are publicly available

It is expected that the GitHub for mobile apps include both the OAuth client ID and OAuth secret. The usage of Universal/Deep links (github://) helps reduce the risk of any issue presented here by binding the OAuth callback directly to the GitHub mobile application.

On-screen data is not hidden when backgrounding the app

The GitHub for mobile apps do not clear on-screen data when they are backgrounded. This is by design and does not present a security risk.

No jailbreak detection

The GitHub for modile apps do not attempt to detect jailbreaked devices. This is by design and does not present a security risk.

Recently collected GitHub for mobile bounties:

No vulnerabilities have been reported yet. Yours can be the first!