Synopsis

Bring GitHub collaboration tools to your small screens with GitHub Mobile.

Please see our severity guidelines for more information about how severities are calculated.

Focus areas

• Authentication and credential handling
• Mobile specific APIs
• Any protocol handlers, such as github://

Out of scope

• Push notifications are handled by a third-party system and are not in-scope for the GitHub bounty program.

Ineligible submissions

On-screen data is not hidden when backgrounding the app

The GitHub Mobile apps do not clear on-screen data when they are backgrounded. This is by design and does not present a security risk.

No jailbreak detection

The GitHub Mobile apps do not attempt to detect jailbreaked devices. This is by design and does not present a security risk.