If you've found a security vulnerability in Signal, please report it via email to security@signal.org.
Please only use this address to report security flaws in the Signal application. Signal does not have a bounty program, but does investigate security flaws reported to this address. For questions, support, or feature requests, please submit a support request or join the unofficial community forum.