Security
Last reviewed: July 16, 2026
Droidex uses HTTPS, restrictive browser security headers, secure HTTP-only session cookies, scoped authentication, abuse limits, and monitored application services. No internet service can eliminate every risk, so responsible reports are welcome.
Report a vulnerability
Email [email protected] with the subject “Droidex security report.” Include the affected URL or feature, clear reproduction steps, likely impact, and any safe proof that helps us reproduce the issue. Do not include credentials, access tokens, or unrelated personal data.
Safe research guidelines
- Use your own account and test data.
- Stop when you confirm a vulnerability; do not access, alter, or retain another person's data.
- Do not disrupt availability, send spam, use social engineering, perform denial-of-service tests, or run broad automated scans.
- Give Dubtrackr a reasonable opportunity to investigate and correct the issue before public disclosure.
Scope notes
Reports about Droidex code, authentication, authorization, private data exposure, and its public web or API surfaces are useful. Issues that affect only third-party services, missing best-practice headers with no security impact, automated scanner output without reproduction, and game exploits outside Droidex are generally out of scope.
Response
Dubtrackr will make a good-faith effort to acknowledge credible reports, assess severity, and communicate material status changes. Droidex does not currently operate a paid bug-bounty program.