France's COVID-19 contact tracing app is now tested by 15,000+ ethical hackers

June 3, 2020

Second step for France’s COVID-19 contact tracing app which goes on a public Bug Bounty programme.

Paris – June, 3rd,2020 - YesWeHack, Europe’s Bug Bounty leader, announced the beginning of a public Bug Bounty programme for StopCovid, France’s official app in the fight against the spread of COVID-19. From today, the 15,000+ ethical hackers of the YesWehack platform, spread in more than 120 countries, will be enabled to search for vulnerabilities in the application.

The public bug bounty programme follows a week-long private one where 35 European ethical hackers investigated all components of the app. As StopCovid goes to end users, the public bug bounty programme opens up. France is the first country to ensure continuous security for its contact tracing app through bug bounty.

A few minor bugs were discovered during the private phase

All the vulnerabilities identified were reported to the StopCovid project team. Out of the 12 bugs identified in the YesWeHack program, 7 were accepted as being within the scope of the Bug Bounty or being of general interest: 5 minor to moderate security bugs, not allowing any immediate compromising of phones, infrastructure or data generated by the application, and 2 functional bugs. Corrections are underway and all accepted bugs have been reported on Inria’s Gitlab, the StopCovid project team’s bug tracker.

Public phase: strengthen the vulnerability hunt


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.