Details

Raivo OTP is an open source multi-factor authentication app for iOS. We allow you to dig into the source code and if you wish, you can compile it. If you prefer to decompile an IPA, you can download it from Apple TestFlight or the Apple App Store. Happy hacking!

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. If you find a security vulnerability in a third-party module that is in use by Raivo OTP, please also report the vulnerability to the person or team maintaining the module.

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

Disclosure Policy

When the security team receives a security vulnerability report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

Confirm the vulnerability and determine the affected versions.
Audit the code to find any potential similar problems.
Prepare a fix for the upcoming release or a dedicated release.
Publish the fix to the Apple App Store as soon as possible.

Exclusions

While researching, we'd like to ask you to refrain from:

Reporting issues that do not affect security.
Reporting vulnerabilities that require a Jailbroken device.
Testing Apple iCloud, please report Apple iCloud bugs to Apple.
Reporting clickjacking vulnerabilities without server-side state-changing functionality.
Social engineering (including phishing) of Raivo OTP staff or contractors .
Any physical attempts against Raivo OTP property
Denial of Service (DoS) or spamming .

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorised conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep Raivo OTP and our users safe!

Gallery

| {F1848435} | {F1848436} | {F1848437} | {F1848438} | {F1848439} | {F1848440} | {F1848441} | {F1848442} | {F1848443} | {F1848434} | |:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|

Disclosure Policy

When the security team receives a security vulnerability report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

Confirm the vulnerability and determine the affected versions.

Audit the code to find any potential similar problems.

Prepare a fix for the upcoming release or a dedicated release.

Publish the fix to the Apple App Store as soon as possible.

Exclusions

While researching, we'd like to ask you to refrain from:

Reporting issues that do not affect security.

Reporting vulnerabilities that require a Jailbroken device.

Testing Apple iCloud, please report Apple iCloud bugs to Apple.

Reporting clickjacking vulnerabilities without server-side state-changing functionality.

Social engineering (including phishing) of Raivo OTP staff or contractors .

Any physical attempts against Raivo OTP property

Denial of Service (DoS) or spamming .

Safe Harbor

Thank you for helping keep Raivo OTP and our users safe!