UpHabit

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
1335632832 APPLE_STORE_APP_ID low low low medium
### iOS Application Reported issues must be reproducible on a phone that is not jailbroken or modified
api.uphabit.com URL medium high high critical
### Client Api This main client api devices communicate with
com.uphabit.android GOOGLE_PLAY_APP_ID low low low medium
### Android Application Reported issues must be reproducible on a phone that is not rooted or modified and that is where the Google Attestation API returns true for both `ctsProfileMatch` and `basicIntegrity`

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
uphabit.com URL low low low none
### Company website only the root domain `uphabit.com` is defined for the website, subdomains are listed seperately