Security and privacy of our users are very important for us. Our developers strive to write secure code and we take utmost care to ensure that our systems are protected. We realize that there is no silver bullet when it comes to security and there are times when security bugs sneak through despite our best efforts. We welcome working with you to resolve any security issues promptly.
Reporting a security issue
We would like to foster a culture of collaboration to achieve better security and make the internet a better place. If you believe that you have found a security issue in our product or service, that can adversely impact InMobi's systems or have a hunch or an idea or suggestion to improve our security, please do contact our security team at secops [at] inmobi.com. A member of our security team will reach out to you and will work with you to validate, qualify and resolve the issue you have identified. As InMobi works with many partners across the globe, sometimes it may be confusing whether a system/ network/ service/ software/internet device/data belongs to InMobi or not. In these cases, please write to us before initiating any research activity to avoid any violation of privacy and security laws. Our expectations from you:
- A detailed description of the issue
- Steps to reproduce the issue
- You will follow responsible disclosure guidelines (see below)
- Collaborative spirit
- No malicious activities (**)
Our promise to you:
- Prompt acknowledgment of the report (within 2 business days)
- Transparency throughout the process
- An environment conducive to collaboration
- Adequate mitigation of the issue
- Recognition of your efforts (if you are the first one to report the issue)
We at InMobi believe that with great knowledge comes great responsibility. We expect that you will let us know as soon as possible upon discovery of a potential security issue, give us reasonable lead time to respond to your report before making any information public and that you will make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research. Only interact with accounts you own or with the explicit permission of the account holder. We will reciprocate the gesture by working with you to mitigate the issue to the satisfaction of both parties. We would prefer that interested researchers coordinate their efforts with our security team so that we can avoid any untoward incidents that could affect confidentiality, integrity or availability of InMobi's systems.
We classify malicious activities as follows
- Performing actions that may negatively affect InMobi or its users (e.g. Spam, Brute Force, Denial of Service…)
- Social engineering (including phishing) of InMobi staff or contractors
- Conducting any kind of physical or electronic attack on InMobi personnel, property or data centers
- Automated scanning
- Deliberate attempts at harming InMobi systems
- Introduction of backdoors/trojans/malware in InMobi systems
- Attempts to breach/copy/store/use/share/sell confidential data
All attempts to cause harm to InMobi’s systems and data and that do not follow responsible disclosure will be pursued legally to the full extent permitted by law.