OPPO Bug Bounty Program

Complete guide to OPPO's bug bounty program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

OPPO runs a bug bounty program on HackerOne. The program has 135 in-scope assets and is managed by HackerOne's triage team.

  • In-Scope Assets: 135
  • Avg Response: 20h
  • Efficiency: 99%
  • Avg Bounty Time: 5d
  • Avg Resolve: 9d

In-Scope Assets

Asset | Type | Max Severity | Eligible
A16k | HARDWARE | Critical | Bounty
A76 | HARDWARE | Critical | Bounty
A96 | HARDWARE | Critical | Bounty
ColorOS | OTHER | Critical | Bounty
F 21 Pro | HARDWARE | Critical | Bounty
FindN2 | HARDWARE | Critical | Bounty
FindN2Flip | HARDWARE | Critical | Bounty
FindN3 | HARDWARE | Critical | Bounty
FindN3Flip | HARDWARE | Critical | Bounty
FindX6 | HARDWARE | Critical | Bounty
FindX6Pro | HARDWARE | Critical | Bounty
FindX7 | HARDWARE | Critical | Bounty
FindX7Ultra | HARDWARE | Critical | Bounty
K10 | HARDWARE | Critical | Bounty
K105G | HARDWARE | Critical | Bounty
K9 | HARDWARE | Critical | Bounty
K9Pro | HARDWARE | Critical | Bounty
K9s | HARDWARE | Critical | Bounty
Low Level Properties and Test environment | OTHER | Critical | Bounty
NARZO 80 Lite 4G | HARDWARE | Critical | Bounty
NARZO 80 Pro 5G | HARDWARE | Critical | Bounty
NARZO 80x 5G | HARDWARE | Critical | Bounty
Narzo 80 lite 5G | HARDWARE | Critical | Bounty
Porsche-B | HARDWARE | Critical | Bounty
Reno 9 5G | HARDWARE | Critical | Bounty
Reno105G | HARDWARE | Critical | Bounty
Reno10Pro+5G | HARDWARE | Critical | Bounty
Reno10Pro5G | HARDWARE | Critical | Bounty
Reno115G | HARDWARE | Critical | Bounty
Reno11Pro5G | HARDWARE | Critical | Bounty
Reno12 | HARDWARE | Critical | Bounty
Reno12Pro | HARDWARE | Critical | Bounty
Reno8Pro5G | HARDWARE | Critical | Bounty
Reno9Pro+5G | HARDWARE | Critical | Bounty
Reno9Pro5G | HARDWARE | Critical | Bounty
com.coloros.assistantscreen | OTHER_APK | Critical | Bounty
com.coloros.findmyphone | OTHER_APK | Critical | Bounty
com.coloros.pictorial | OTHER_APK | Critical | Bounty
com.coloros.video | GOOGLE_PLAY_APP_ID | Critical | Bounty
com.coloros.wallet | OTHER_APK | Critical | Bounty
com.finshell.finance | OTHER_APK | Critical | Bounty
com.finshell.wallet | OTHER_APK | Critical | Bounty
com.fintech.life | OTHER_APK | Critical | Bounty
com.heytap.book | OTHER_APK | Critical | Bounty
com.heytap.browser | GOOGLE_PLAY_APP_ID | Critical | Bounty
com.heytap.cloud | GOOGLE_PLAY_APP_ID | Critical | Bounty
com.heytap.databaseengine | OTHER_APK | Critical | Bounty
com.heytap.health.international | GOOGLE_PLAY_APP_ID | Critical | Bounty
com.heytap.health.quickapp | OTHER_APK | Critical | Bounty
com.heytap.heymelody | OTHER_APK | Critical | Bounty

Showing 50 of 135 in-scope assets. View all on HackerOne.

Out-of-Scope Assets

  • com.fullmetalgamedev.fruitshooting

Tips for Hacking OPPO

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking OPPO?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does OPPO pay bounties?

Yes, OPPO offers monetary rewards for valid security vulnerabilities.

What types of vulnerabilities does OPPO accept?

OPPO accepts reports for vulnerabilities found in their 135 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.