OPPO HackerOne

Target Policy
https://hackerone.com/oppo?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • *.finzfin.com
    URL
    critical
  • com.nearme.wallet
    OTHER_APK
    critical
  • com.coloros.browser
    OTHER_APK
    critical
  • *.nearme.com.cn
    URL
    critical
  • com.nearme.atlas
    OTHER_APK
    critical
  • com.heytap.browser
    OTHER_APK
    critical
  • com.oppo.market
    OTHER_APK
    critical
  • com.oppo.usercenter
    OTHER_APK
    critical
  • com.nearme.browser
    OTHER_APK
    critical
  • com.heytap.usercenter
    OTHER_APK
    critical
  • feedback.foreign.oppomobile.com
    URL
    none
  • *.myoas.com
    URL
    none
  • *.oppo.cn
    URL
    critical
  • *.opposhop.cn
    URL
    critical
  • *.coloros.com
    URL
    critical
  • com.oppo.cloud
    OTHER_APK
    critical
  • com.heytap.cloud
    OTHER_APK
    critical
  • *.realme.net
    URL
    critical
  • *.realmebbs.com
    URL
    critical
  • *.oppomobile.com
    URL
    critical
  • community.coloros.com
    URL
    none
  • *.oppofind.com
    URL
    critical
  • com.coloros.findphone.client2
    OTHER_APK
    critical
  • *.heytap.com
    URL
    critical
  • *.keke.cn
    URL
    critical
  • *.oppopay.com
    URL
    critical
  • *.realme.com
    URL
    critical
  • com.coloros.securepay
    OTHER_APK
    critical
  • com.coloros.backuprestore
    OTHER_APK
    critical
  • feedback.nearme.com.cn
    URL
    none
  • *.heytapmobile.com
    URL
    critical
  • *.realmeservice.com
    URL
    critical
  • *.realmemobile.com
    URL
    critical
  • www.oppo.com.my
    URL
    none
  • *.oppo.com
    URL
    critical
  • *.heytapmobi.com
    URL
    critical
  • com.coloros.findphone.client
    OTHER_APK
    critical
  • http://opposimulator.com/
    URL
    none
  • open.oppomobile.com

    At present, the business is investigating security problems. We will not accept vulnerabilities during the time . Thank you for your attention.

    URL
    none
  • i.feedback.oppomobile.com
    URL
    none
  • com.coloros.speechassist
    OTHER_APK
    critical
  • com.oppo.speechassist
    OTHER_APK
    critical
  • com.nearme.instant.platform
    OTHER_APK
    critical
  • com.coloros.findmyphone
    OTHER_APK
    critical
  • preview.myoas.com
    URL
    none
  • t-preview.myoas.com
    URL
    none
  • com.coloros.encryption
    OTHER_APK
    critical
  • *.wanyol.com
    URL
    critical
  • ROM

    For ROM vulnerability, reports will be accepted for the phone models with the latest ColorOS version and Android version needs to be 8,9 and 10.

    OTHER
    critical
  • *.realmepaysa.com
    URL
    none
  • *.realme.com.tw
    URL
    none
  • *.heytapdownload.com
    URL
    critical
  • *.myoas.net
    URL
    critical
  • *.heytapimage.com
    URL
    critical
  • xiaoneng.oppo.com
    URL
    none
  • feedback.oppomobile.com
    URL
    none
  • intl.feedback.oppomobile.com
    URL
    none
  • intl-feedback.oppomobile.com
    URL
    none
  • com.heytap.market
    OTHER_APK
    critical
Target Scope Domains
  • coloros.com
  • finzfin.com
  • heytap.com
  • heytapdownload.com
  • heytapimage.com
  • heytapmobi.com
  • heytapmobile.com
  • keke.cn
  • myoas.net
  • nearme.com.cn
  • oppo.cn
  • oppo.com
  • oppofind.com
  • oppomobile.com
  • oppopay.com
  • opposhop.cn
  • realme.com
  • realme.net
  • realmebbs.com
  • realmemobile.com
  • realmeservice.com
  • wanyol.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 53.20 Minutes
  • Finished: 1 year, 1 month ago