DROIDEX

Security

Last reviewed: July 16, 2026

Droidex uses HTTPS, restrictive browser security headers, secure HTTP-only session cookies, scoped authentication, abuse limits, and monitored application services. No internet service can eliminate every risk, so responsible reports are welcome.

Report a vulnerability

Email [email protected] with the subject “Droidex security report.” Include the affected URL or feature, clear reproduction steps, likely impact, and any safe proof that helps us reproduce the issue. Do not include credentials, access tokens, or unrelated personal data.

Safe research guidelines

Scope notes

Reports about Droidex code, authentication, authorization, private data exposure, and its public web or API surfaces are useful. Issues that affect only third-party services, missing best-practice headers with no security impact, automated scanner output without reproduction, and game exploits outside Droidex are generally out of scope.

Response

Dubtrackr will make a good-faith effort to acknowledge credible reports, assess severity, and communicate material status changes. Droidex does not currently operate a paid bug-bounty program.