Found bug in football app

Hello making money with android,

I found a bug in an app from a tv channel where you can stream live football. Normally you need a subscription for it to watch but i found a way to watch without paying for it.

So my question is how much i can ask the company to give me as a reward for finding such a bug, if you want to watch 1 game without subscription it will cost about 12 euro, a month subscription costs about 16 euro, and a season costs 150 euro.

Please tell me what you think, i want to know how much I can get from them.

I think they will have hired some developers and the moment you give them hint about the actual problem they are going to find the bug and fix it.
If they hired some freelancer for it, then you have good chances.

If it is ESPN/Start Sports, ask for anything above 1000 euro

Hello

Thanks for your reply, i already contacted them a bunch of times but they never replied me or gave me any feedback.

Today i send another email threatening that i was gonna release the bug online, so i hope they will reply me soon.

Dude… it sounds like you are threatening their business (by releasing information) unless they pay you (a bug bounty). This is called EXTORTION and it is ILLEGAL in almost every country.

I know its illegeal but i contacted them several times but they dont take me serious, but this bug is actually really serious.

It doesn’t matter. It’s still illegal.

What would you do in this situation?

Not do what you did. The proper way is to write a business letter to their support group and ask to be forwarded to their engineering group. Ask for a reply if they forwarded it or not.

I doubt from the way you posted this out that you did this correctly or did it in a business like manner.

Companies get emails all day long like you probably sent. a video of it doing the bug with it blurred out for how it happens would have gone a long way.

Hello

Thanks for the reply, the video is a good idea. I think I have to try that, i don’t have any experience with this kind of thing.

Try find out if they have a Product Manager for the app. If so, get hold of that person. They will know everyone involved and can tell you IF there is a bug bounty program and if not, what the likelyhood is that one could be created.

I really don’t know how you imagine this playing out … They send you some money via Paypal or something ?

If I was them, I would assume it would go like this:

  1. You provide proof
  2. We confirm it.
  3. We try replicate it, so we don’t need to pay you.
  4. We claim we don’t have any business process in place that would allow us to pay you.
  5. Ask if you will just give us the information anyway
  6. Try buy you off with some SWAG or gift cards for airtime that our marketing department has laying about
  7. Give up and call a meeting to decide how serious the business value and potential losses are.
  8. Have some senior executive sign off on actually paying you
  9. Form a contract with a bonded escrow agent that will hold the money until we can confirm the bug
  10. Form a contract with you (for tax deduction purposes)
  11. Negotiate value of the bug. Less costs.

Seriously… it is a MAJOR PITA to go through all this (from both sides). Just send them the damn info and be done with it. Or forget about it. Or get a lawyer involved. You should probably do that regardless given that you have attempted to extort money from them (it seems?).

If its a decent sized group that could all be done in a couple days to a couple of weeks.

The engineering group i work for (day job) has to come up with answers in 24 to 48 hours to compliance issues that could shut down every system we have around the world. We are pretty big so we have a whole team of lawyers that could deal with things such as the above in hours. It is their job to do things like this that i would call a pain in the ass. Smaller groups take longer obviously.

Sure, but that is an engineering group, NOT a software company.

So thanks for all replies, i finally got an email back from them in which they tell me they will look at it and get back to me.

Uhm yes it is, we make video gambling games that are used in casinos worldwide as one of our many products. We are one of the oldest, largest and most profitable gaming device manufacturers. Without saying who i work for i guarantee you have seen our products in movies, pictures or in real life at a casino.

I say engineering group as we do both the hardware and software engineering. We have a single building dedicated to just OS and Game software engineering. I am sitting in the game development (software) area as i type this.

Well, consider yourself lucky.

I have a MSc in Mech Eng, and after working for a large… err… let’s call it ‘organization that makes ocean going platforms with pointy ends’, moved to software. Ended up in a software company with around 300 people making software for engineers. Then got acquired by a 6000 people software company.

My experience is that the larger the company gets the more red tape there is to get the job done… so, (once again), consider yourself lucky to work in a lean environment where things get done! :slight_smile:

Yea. This is an odd industry tho, very small for the massive things it does. Some people call it the silicon valley of Las Vegas. We are a fortune 500 company that acts like a mom and pop shop… Kinda funny really.