GitHub for mobile

Synopsis

Bring GitHub collaboration tools to your small screens with GitHub for mobile.

Focus areas

Out of scope

Ineligible submissions

OAuth client ID and secret are publicly available

It is expected that the GitHub for mobile apps include both the OAuth client ID and the OAuth secret. The use of Universal/Deep links (github://) helps reduce the risk of any issue presented here by binding the OAuth callback directly to the GitHub mobile application.

On-screen data is not hidden when backgrounding the app

The GitHub for mobile apps do not clear on-screen data when they are backgrounded. This is by design and does not present a security risk.

No jailbreak detection

The GitHub for mobile apps do not attempt to detect jailbroken devices. This is by design and does not present a security risk.

Submit a vulnerability for GitHub for mobile

Recently collected GitHub for mobile bounties:

No vulnerabilities have been reported yet. Yours can be the first!