How to Report a Security Issue Found on Papaya FM

The Papaya FM Support Team works very hard to ensure that Papaya FM is a secure environment where your account information is safe. However, if in the off chance you find an issue on Papaya FM that could put the personal information and integrity of Papaya FM and its users at risk, here’s how you can report it to us.

 

What’s Considered a Security Issue

A security issue would be defined as a flaw in the technical (i.e. the coding of Papaya FM) implementation or design of Papaya FM, that would allow someone to affect the security of our users.

 

Some Example Issues would be Vulnerabilities that Allow for:

  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Remote Code Execution (RCE)
  • Unauthorized Access to Private Information
  • Performing Actions as Another User
  • Performing Actions to Stories with an Unauthenticated Account
  • Bypassing API limits
  • Downloading of Papaya FM files outside of the official Papaya FM apps

 

Where Would a Security Issue be Found

Please report any security issue that can be exploited through the following methods of accessing Papaya FM:

  • Feedback of Papaya FM Android app or our Support Team’s Email (papayafm@papayamobile.com)
  • Feedback of Papaya FM iOS app or our Support Team’s Email (papayafm@papayamobile.com)
  • Our Support Team’s Email (papayafm@papayamobile.com) Displayed at Papaya FM desktop website
  • Our Support Team’s Email (papayafm@papayamobile.com) Displayed at Papaya FM desktop website

 

Reporting a Security Issue

Reporting a security issue is done in the same way one would report a bug at Papaya FM, save for some extra details that are required.

When reporting a security issue, include the following details:

  • Your name and username at Papaya FM
  • Any organizations that you are associated with, along with your position (e.g. a penetration tester at a cyber security organization)
  • How you came upon this security issue
  • Detailed steps to reproduce the security issue
  • Screenshots of the security issue occurring

 

If you find any security issue described above, please report it to our Support Team via the app’s Feedback or email for review.

On the Web:

  1. Log in to your email account, which has been applied to sign up to Papaya FM.
  2. Write an email to our Support Team, specifying how the audiobook/chapter, comment, or username you report violates against our Terms of Service, the location of violation, and any other helpful information or evidence.
  3. The report will reach the Papaya FM Support Team (papayafm@papayamobile.com), where it will be reviewed by a member of our team. We will follow up with you on the status of your report.

 

On the iOS app:

  1. Go to My Account at the bottom of the interface.
  2. Click Feedback.
  3. Specify how the audiobook/chapter, comment, or username you report violates against our Terms of Service, the location of violation, and any other helpful information or evidence in the “Description” and enter your email address which has been applied to sign up to Papaya FM.
  4. Click “Submit” to submit your report to us.
  5. The report will reach the Papaya FM Support team, where it will be reviewed by a member of our team. We will follow up with you on the status of your report.

 

On the Android app:

  1. Click at the top left hand of the interface to open the sidebar menu.
  2. Click Feedback.
  3. Specify how the audiobook/chapter, comment, or user you report violates against our Terms of Service, the location of violation, and any other helpful information or evidence in the “Description” and enter your email address which has been applied to sign up to Papaya FM.
  4. Click at the top right hand of the interface to submit your report to us.

The report will reach the Papaya FM Support team, where it will be reviewed by a member of our team. We will follow up with you on the status of your report.