In this episode of the Opera Bug Bounty series, we introduce Opera for Android, our main product for the Android platform.
What is Opera for Android
Opera for Android is a Chromium-based browser that prides itself on a user-friendly and good looking UI in which everything works together seamlessly. It also has many built-in features that other browsers only offer through extensions — everything works right out of the box.
Some of the more noticeable features are:
- A built in ad blocker that also hides those annoying cookie dialogs you see on many sites.
- A Crypto Wallet, which allows you to send and receive cryptocurrencies, like Bitcoin and Etherium, as well as crypto collectables and NFTs.
- Flow, which connects your computer’s browser with your phone’s, making it easy to share files and notes with yourself using end-to-end encryption between your devices.
- A free and unlimited built-in VPN.
What to search for
When looking for vulnerabilities in Opera, please focus on Opera-specific functionality. Issues related to Chromium should be reported to the open source Chromium project, to ensure environmental consistency and for the mutual benefit of all Chromium-based projects.
While we are interested in all issues with a clear security impact, there are certain types of reports that are of extra interest. Examples of this are working exploits that don’t require physical access to the device, or the use of social engineering to successfully achieve:
- remote theft of a user’s cookies,
- theft of cryptocurrency or other assets from the Crypto Wallet due to a bug in Opera,
- a realistic attack against the privacy of the data exchanged via Flow.
When finding an issue
If you find an issue, please test it in the latest beta version of Opera to ensure that it hasn’t been fixed already.
If the issue is browsing related, there is a chance that it’s a generic Chromium issue. Try reproducing your issue in a version of Chrome on Android that matches the version of Chromium we are using. You can see which version of Chromium it is by looking at the user agent string.
If you can reproduce it in Chrome as well, it’s likely a Chromium issue and should be reported to them rather than us. If you find a severe bug in Chromium, it could still be of interest to us so we can patch it early, but it would be seen as a P5 informational issue that would not result in any bounty.
Reporting an issue
Before you report an issue, please check the Opera for Android section of the Opera Bug Bounty program’s scope one extra time. This section lists things that we consider out-of-scope, and by familiarizing yourself with this you can avoid reporting issues that are out-of-scope.
From time to time we receive low quality reports about theoretical issues that don’t demonstrate any actual vulnerability. We also receive reports where it’s clear that the reporter has not read the program scope at all.
Make sure your report positively stands out by clearly demonstrating the security issue. Also, please make sure that you provide clear and easy steps for reproducing the issue or anything else needed to understand the issue.
The easier you make it for us to understand the issue you have found, the higher the chances that it will be handled quickly and correctly.