💰💰💰 MASSIVELY BOOSTED Bounties 💰💰💰
3/14/2024, 7:54:37 PM (15 days ago)

🎉 Attention, fearless bug bounty hunters and code-savvy warriors! 🎉

Security is not something we can afford not to value. We try to find our weak points through your eyes. We thought you deserved more 🫵 Therefore, we have increased the High, Critical and Exceptional severity rewards.

Tier 1:

  • Exceptional: 5000 -> 8000
  • Critical: 3000 -> 6000
  • High: 1000 -> 2000

Tier 2:

  • Exceptional: 4500 -> 6500
  • Critical: 2500 -> 3500
  • High: 750 -> 1500

Tier 3:

  • Exceptional: 2500 -> 4000
  • Critical: 1000 -> 2000

So, dust off your hoodies, sharpen those security and coding skills, and get ready to embark on the adventure of a lifetime!

To Healthy and Secure Days,
Ada Security Team

Wildcard domains are in the game 👾☄️
2/19/2024, 4:54:34 PM (about 1 month ago)

Hi Security Professionals,

At Ada Health, we have been hearing from you for a while that you want to see all the assets in scope. Now it's time 🚥 3...2..1.. Go Go Go 🚥

  • Some Tier 2 domains have been moved to Tier 1
  • Some Tier 3 domains have been moved to Tier 2
  • But the most important thing: wildcard domains have been added as Tier 3. Now, they are all in your hands.

Start exploring and hacking! 💡🔐💻💰

To Healthy and Secure Days,
Ada Security Team

Mobile App V3.39.0 Release Notes 📝
11/10/2023, 1:59:34 PM (5 months ago)

🥷🏆 Helloooo Security Champions!! 🏆🥷

🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈
THE HOLIDAY SEASON HAS ARRIVED!
🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈

Have you checked out the new version 3.39.0 of the Ada Health app?!
We are back in action bringing you monthly updates packed with many improvements this time! 🚀

Improvements:

  • Security checks for detection of rooted or jailbroken devices.
  • Input validation on parameters (height, weight, age, etc) in health profile.
  • Updated vulnerable dependencies.
  • Removed unused v1 API endpoints in sign-up/sign-in screens, profile settings, health profile, symptom searching, conversations, conditions and many more endpoints.
  • Disabled unnecessary protocols in WebView.

Bugfixes:

  • Deep links inside the app redirect to correct in-app screens.
  • Account deletion and consent screen process.

🎁 P.S. Don’t miss out on the previous update to grab some extra bonuses just in time for some gifts this quarter 🎁

Start exploring and hacking! 💡🔐💻💰

To Healthy and Secure Days,
Ada Security Team

🎁🎅🚀 Ada Lovelace Day Bonus Campaign 🎁🎅🚀
10/10/2023, 6:49:34 AM (6 months ago)

BOUNTY BONANZA!!!

Calling all digital daredevils and hacking champions!!

Today is Ada Lovelace Day.

Ada Lovelace was the first computer programmer. She spearheaded the earliest explorations into the potential of computers in the 1800s. Ada Health is carrying forward her legacy by using AI to improve human health.
In honour of our namesake, 💥we are excited to announce a Bonus program.💥

When?

⌛From October 10th until December 20th 2023 ⌛

What?

⚡All Tier 1 and Tier 2 assets in details.⚡

How much bounty?

💰 50% Bonus for all Tier 1 and Tier 2 assets! 💰

So what are you waiting for?! Start hacking and exploring 💻💶

To Healthy and Secure Days,
Ada Security Team

🙌🙌 New Assets in the Scope and OpenAPI Document 🙌🙌
9/25/2023, 1:00:32 PM (6 months ago)

Bazzingaa!!!

Hey Hackers, we are thrilled to announce a significant scope expansion of our Bug Bounty Program, a crucial step in our ongoing commitment to enhancing the security of our products and services. This expansion not only broadens the scope of the program but also places a renewed emphasis on transparency.

Why Transparency Matters? ℹ️ ℹ️

At Ada Health, we recognize that trust is paramount in the digital age. Trust is built upon open communication, accountability, and a commitment to improving security. By embracing transparency, we aim to foster a culture of collaboration between our security experts and the global cybersecurity community.

What Are Those New Assets? 💥💥

The following domains have been added to the scope as Tier 3.

Production Environment Demo Ecosystem

Integration Environment Care Navigation Ecosystem

Tier 2 Critical & Exceptional Bounty Level Increase 💰 💶

  • On Tier 2, Critical severity bounty is increased from 2000€ -> 2500€
  • On Tier 2, Exceptional severity bounty is increased from 4000€ -> 4500€

For a more detailed explanation, please check the program details. Additionally, OpenAPI documents are now provided to you.

To Healthy and Secure Days,
Ada Security Team

Mobile App V3.36.0 Release Notes 📝
9/14/2023, 11:03:47 AM (7 months ago)

💡🥷📢 Greetings, Security ninjas! 💡🥷📢

We are back this mid-September, loaded with updates in our application. You can find them in the new version 3.36.0.

  • Improvements and bug fixes:

    • Application now recognises rooted or jailbroken devices and prompts user to Continue or Close app.
    • In-app description for Diabetes mellitus type 2 (Profile > Risk Assessments > Type 2 Diabetes > Learn more about diabetes).
    • No more error when app is killed and restarted after a user deletes their account.
    • Fixed flow as white screen was displayed when user navigated to ‘decline all and delete account’.
    • Improved authorisation for symptom tracking endpoints.
  • Additions:

    • User consent screens for promotional emails, push notifications, research, app usage

We are excited to review your security catches, so start exploring and hacking!

⏰ And last but not least, 🥁🥁 watch out for the update next month because we have something special coming up (:cough: anniversary!). ⏰

To Healthy and Secure Days,
Ada Security Team

Mobile App V3.34.0 Release Notes 📝
8/17/2023, 8:59:16 AM (8 months ago)

💫🥷 Hey there security wizards!💫🥷

Hope y’all are in high spirits and having a great week! Guess what? Our mobile app has cool new updates. Why not take a second to check out what we’ve got in store for you on our version 3.34.0?!

  • Improvements and bugfixes
    • /conversation endpoint does not send 4xx bad request anymore when user clicks “I still don’t understand”.
    • From this version onwards, the app will not get stuck in privacy settings screen when a new account is created.
    • User is logged out when token is expired or not refreshed correctly.
    • Severity slider in the symptom tracking screen accepts correct input type to BFF even if user inputs int value.
  • Additions
    • You can now sign up with Ada using your Google account 👀.

Start exploring and hacking! 💡🔐💻💰

To Healthy and Secure Days,
Ada Security Team

Mobile App V3.31.0 Release Notes 📝
7/13/2023, 8:10:27 AM (9 months ago)

📣 💰Aloha Bug Bounty Hunters! 📣💰

We hope you are doing well and staying healthy. With your enthusiasm and dedicated time, we anticipate that you have been receiving significant rewards from your security research efforts. Exciting news - Our mobile application has received many updates. Take a moment to discover what’s new and fixed on our mobile version 3.31.0:

  • Add: A new feature on Intelligent Symptom tracking 👀 Profile > Health Profile > Symptom Tracking (Enjoy your meal with this new endpoint 😋)
  • Add: Push notifications are enabled for iOS and Android to receive new updates
  • Add: BMI feature is now available for Canada users too
  • Improvement: Home Screen cards can now be updated dynamically without a release
  • Fix: MedHub bugfixes affecting roadblocks
  • Update: Vulnerable dependencies

Dive into exploring and hacking these fresh possibilities! 🎯🔐🔍💻

To Healthy and Secure Days,
Ada Security Team

Bounties Increased Again 💸 📈 👀
5/3/2023, 9:25:43 AM (11 months ago)

Hello dear hackers,

Today we have some exciting news that we have increased our bounty levels to reflect the success of our program so far and to encourage you to push even harder to find any vulnerabilities within our in-scope applications.

The changes:

  • Tier 1 Exceptional bounty has increased from €3250 -> €5000
  • Tier 2 Exceptional bounty has increased from €2500 -> €4000
  • Tier 1 Critical bounty has increased from €2000 -> €3000
  • Tier 2 Critical bounty has increased from €1500 -> €2000

We especially welcome and look forward to more submissions from mobile application experts.

Good luck and happy hunting!

To Healthy and Secure Days,
Ada Security Team

Mobile App V3.26.0 Release Notes 📝
4/26/2023, 1:25:45 PM (11 months ago)

Hi Security 🥷🥷🥷,

We hope you are healthy and secure these days. And we hope you are about to find the most valuable bounty from your security research. For that purpose, we have an update on our mobile application site. Please find below what we added, fixed and deleted in our version 3.26.0:

  • Support for iOS 12.x and Android 6.x and below has been stopped. The minimum compatible versions are iOS 13 and Android 7.
  • Symptom assessment roadblocks are received directly from an internal service
  • The assessment report is deleted when the case is deleted, so as not to leave orphaned user data
  • Body Mass Index (BMI) calculation is added to Health Profile.
  • Fixed the problem where the app got stuck on the splash screen if the /features endpoint fails
  • Added new endpoints to the BFF on /user/intelligent-symptom-tracking
  • Symptom assessment bugfixes
  • And of course vulnerable dependencies are upgraded.

Our other hope is that we have not left any security weakness in our implementation. If we have, the road is yours now 💪

Try harder, keep secure and stay healthy,

Ada Security Team.