Komoot is one of the most popular route-planning apps on the market and has many functions that are designed to make route planning an easier experience.
Please visit the official website for the latest information.
Security vulnerability reward program
Komoot rewards the effort of security researchers who help us to make our platform more secure. We offer rewards for finding security vulnerabilities in our website, mobile applications and backend infrastructure.
Scope
- Our website on komoot.com, account.komoot.com (and its language domains komoot.de/fr/it/etc.). This also includes subdomains like account.komoot.com, but not blog.komoot.com/de/fr/it/... or *tile.komoot.* or *thunderforest.komoot.* . Note that some integrations are run by 3rd parties so we might delegate your submission to our partners.
- Our mobile apps including Android, iOS, Garmin and Samsung Watch.
- Our oauth2 integration for 3rd parties.
- Our backend APIs on *.komoot.net and *.komoot.de.
- Our AWS infrastructure including access to AWS APIs with vulnerable permissions or network access to our VPCs.
- Our DNS configuration.
- Our email system.
