If you have a billing issue, cannot log in to your Evernote account, or have any questions about your account's security, please contact our support team.
Users on Android 9.0 and below will receive the Evernote Legacy app. The new version of Evernote for Android will be made available to users of Android 6.0, 7.0, 8.0 and 9.0 in a future update. "Put everything into Evernote and you will never again have to recall which device something is stored on, because it is all in Evernote!" - The New York Times. Save emails to Evernote and organize them with the rest of the project, or quickly add notes from Evernote to any Outlook email to share them with others. Get tasks and projects done with Nozbe, available on all your devices and integrated with Evernote, Dropbox and GCal.
If you believe you’ve found a security vulnerability in an Evernote application, the Evernote platform, or our infrastructure that could harm Evernote or anyone who uses Evernote, please submit your findings through Evernote's HackerOne Program.
Evernote Security Hall of Fame
The individuals and teams listed below were the first to tell us about vulnerabilities that could harm Evernote or anyone who uses Evernote. Each of them has helped us make Evernote safer. If you disclosed a vulnerability to us before we created the Hall of Fame and would like to be listed, please let us know.
As of November 2019, this hall of fame page is no longer updated - instead, security researchers may receive credit for their findings through our HackerOne program.
2019
- Arvind K. facebook.com/1808arvind
- Sergey Toshin (@bagipro) https://hackerone.com/bagipro
- Nikolay Anisenya
- AJ Dumanhug of Secuna Infosec Team — https://secuna.io
- Alesandro Ortiz — https://AlesandroOrtiz.com
- shell_c0de — https://hackerone.com/shell_c0de
- Marcos 'Karz' Santos
- Grzegorz Niedziela — @gregxsunday
- Zach Zenner — @Anxious_Rabbit_
- Carlo Aprigliano — @carloaprigliano
- huangfeihong
- Guardio Research Team — https://guard.io
- Gary Hunter (@pr3cur50r) — salt4n6.com
- Renato Chencinski — https://www.linkedin.com/in/renatochen/
- Julien Thomas — Protektoid Project
- Dhiraj Mishra — @mishradhiraj_
- hearmen — http://mohamoha.club
- Jim Challis — @disgraceUK
- Taha Ismail — @rjtahaofficial
2018
- Ali Razzaq — @alirazzaq_
- Sameer Phad — @sameerphad72
- Muhammad Khizer Javed — https://twitter.com/KHIZER_JAVED47
- Haitao Zhang
- Vineet Kumar — https://hunter2.com/
- Steven Seeley (mr_me) of Source Incite
- Gayatri Rachakonda
- pavanw3b — https://pavanw3b.com
- Tongqing Zhu (Knownsec 404 Team) — https://www.knownsec.com/
- ning1022 — https://github.com/ning1022
- Sebao — http://www.daimacn.com
- Jens Müller — @jensvoid
- Lakshay Gupta — https://www.linkedin.com/in/lakshay-gupta-44102a143
- Viswanathan Govindarajan (கோ.விஸ்வநாதன்) — https://www.linkedin.com/in/adamviswa/
- Tony D'Amato
- Syed Abuthahir — https://www.linkedin.com/in/developerabu
- Anne
- Wai Yan Aung — @waiyanaun9
- Jatin Dhankhar — https://jatindhankhar.in/
- Adam Chester (@_xpn_) — https://blog.xpnsec.com/
2017
- CongRong (@Tr3jer) — http://www.Thinkings.org/
- Marcel Brixel — https://au.linkedin.com/in/brixelmarcel
- SHWETABH SUMAN (@SHWETABHSUMAN11) — https://www.facebook.com/profile.php?id=100011024580051
- Juba Baghdad — https://twitter.com/JubaBaghdad
- Shivam Poddar — https://twitter.com/TheShivamPoddar
- Vishal Shukla — https://twitter.com/shukla304
- Ali Burak AYDIN — https://www.linkedin.com/in/aliburakaydin
- Vijay Mahajan — https://www.facebook.com/vijay12041997
- Dmitry Ivanov — https://twitter.com/d1m0ck
- ak1t4 — https://twitter.com/knowledge_2014
- Raynold Sim
- Greg Royce
- Jaikishan Tulswani — https://twitter.com/_iamjk
- Amit Sangra — Linkedin.com/in/Hitman
- Atik Rahman — https://facebook.com/kind.atik
- Jay Jani — https://www.facebook.com/janijay007
- Julien Joubert-Gaillard — jmclej@gmail.com
- Ahmed Raza Memon — facebook.com/cmagicianx
- Julian Maynard — https://www.linkedin.com/in/maynardjulian
- Alex Kolchanov — kolchanov.info
- Markus Roedel — http://www.comaro.net
- Gregor Hehenberger — http://www.hehenberger.biz
- Zhiyang Zeng — https://lightrains.org
2016
- shivankarmadaan — https://twitter.com/shivankarmadaan
- nope_
- Cadmus — http://cadmus.ru
- Yaroslav Olejnik - O.J.A. — https://twitter.com/oja_c7s
- ooooooo_q — https://twitter.com/ooooooo_q
- Vijju VijayKumar — https://twitter.com/bloggingvijay
- Ian Hickey — http://www.ten24web.com
- Omar Kurt — @omarkurt
- Ty Smith — @tsmith
- Himanshu Mehta — https://in.linkedin.com/in/himanshumehta21
- M4ster — zhoul2@knownsec.com/
- Tianqi Zhang — https://www.vulbox.com/
- baimaohui — http://weibo.com/u/5734490991
- Adam Chester — @_xpn_
- Al Stewart
- Yuyang Zhou — http://weibo.com/u/1312149403
- Akshay Jain — https://www.facebook.com/akshayjain011
- Renato Chencinski — http://inspira.work/
- Ahmed Adel Abdelfattah — https://www.facebook.com/00SystemError00
2015
- Eusebiu Blindu — http://www.testalways.com
- Arseniy Kostromin — https://twitter.com/0x3C3E
- Mohamed Khaled Fathy — https://www.facebook.com/Squnity
- Jamieson O'Reilly — https://au.linkedin.com/pub/jamieson-o-reilly/70/b64/13a
- Othmane Tamagart — @0thm4n_WhiteHat
- Edison He — 0xedison@gmail.com
- Saurabh Swaroop — saurabhcs0097@gmail.com
- Muhammad Osama — https://www.facebook.com/profile.php?id=100001183774319
- Shivam Kumar Agarwal — https://www.facebook.com/shivamkumar.agarwal.9
- Adam Chester — @_xpn_
- Sree Visakh Jain — http://www.wayanadweb.com
- Luyi Xing — http://homes.soic.indiana.edu/luyixing
- Tongxin Li — litongxin1991@gmail.com
- Xiaolong Bai — bxl1989@gmail.com and bxl12@mails.tsinghua.edu.cn
- Xiaojing Liao — http://users.ece.gatech.edu/~xliao9/
- XiaoFeng Wang — http://www.informatics.indiana.edu/xw7/
- Swaroop Yermalkar — @swaroopsy
- Markus Roedel — http://www.comaro.net
- Shawar Khan — https://www.facebook.com/shawarkhanskofficial
- Sergio M Furtado Valeriano — https://www.facebook.com/sergio.valeriano
- Kalpesh Makwana — @makwanakalpesh2
- Ala Arfaoui — https://www.facebook.com/alaa.arfaoui
- Dmitry Kusliy — @dkusliy
- Zhe-An Lin — http://about.me/zal
- Frans Rosén — https://detectify.com
- Raja Kishore Kavi — www.facebook.com/rajakishorekavi
2014
- In-Gyu, Tae — graylynx@gmail.com
- Dmitry Kusliy — @dkusliy
- Francis Rohner — http://francisrohner.com/
- Fizer Khan — http://www.fizerkhan.com/
- Sachin Hallad
- Weichao Sun — http://blog.trendmicro.com/trendlabs-security-intelligence/author/weichao-sun/
- Daoyuan Wu and Rocky Chang
- Mark Arena — http://intel471.com/
- Tianqi Zhang — http://www.freebuf.com/
- Rakesh Karankote — @rakeshnagekar
- Erik Romijn — @erikpub
- Takashi Uchibe — http://uchibe.net/
- Krishna Chaitanya Kadaba — http://www.cigniti.com/security-testing
- Yu-Cheng Lin — http://www.AndroBugs.com
- Mariem El Gharbi — @mstramgram
- zhaohuan — http://security.tencent.com
- Rakan Alotaibi — @hxteam
- Nakul Mohan — https://www.facebook.com/nakul.cia
- Anonymous India — @Anonymous_India
- Yutong Pei — http://yutong.me/
- Eric Chen — http://ericchen.me/
- Yuan Tian — Yuan Tian
- Robert Kotcher — http://www.robertkotcher.com/
- Sebastian Guerrero — @0xroot
- Richard Hicks — @scriptmonkey_
- Kalki — @kalkihere
- Masato Kinugawa — @kinugawamasato
- ma.la — http://ma.la
- Fabien Duchène — @fabien_duchene
- Riccardo Arvizzigno — @riccardoar
2013
- ooooooo_q — @ooooooo_q
- Th. Michael Eißele
- William C. Beegle
- Adam Caudill — http://adamcaudill.com
- piyokango — @piyokango
- John Bicket — http://www.linkedin.com/in/jbicket
- Rakan Alotaibi — @hxteam
- Rafael Pablos — http://silverneox.blogspot.com
- Zakaria Rachid — http://www.4sec.fr
- Vladimir Kochetkov — @kochetkov_v
- Noriaki Iwasaki — @iwasakinoriaki
- Masato Kinugawa — @kinugawamasato
- Pralhad Chaskar — @c0d3xpl0it
- Denis Kolegov — @dnkolegov
- Nitesh Shilpkar — @NiteshShilpkar
- Shubham Raj — http://www.openfire-security.net
- Osman Doğan — @osmand0gan
- Kamil Sevi — @kamilsevi
- Ciaran McNally — http://makthepla.net
- Olivier Beg — http://olivierbeg.nl
- Shahee Mirza — @shaheemirza
- Tejash Patel — @tejash1991
- Maxim Rupp
- Chris John Riley — http://blog.c22.cc
- Ahmad Ashraff — @yappare
- ma.la — http://ma.la
- Hiroshi Tokumaru — @ockeghem
- Ryan Dewhurst — http://www.randomstorm.com
- Avram Marius Gabriel — http://www.randomstorm.com
2012
- Yuji Kosuga — @yujikosuga
- ma.la — http://ma.la
2011
- ma.la — http://ma.la
- Hiroshi Tokumaru — @ockeghem
General Description
Evernote provides a separate Chinese service called Yinxiang Biji (印象笔记) to give users in China a great Evernote experience. To read more background on what it's all about, why we did it, and what it means - see our China service launch blog post.
We want to make it easy for developers to build great apps and integrations that can reach all of our users. Our user base in China is growing quickly; it has already become our second largest country. You now can choose to integrate your apps with Yinxiang Biji, Evernote, or both.
For the most part, these services offer the same 'Evernote' functionality. Evernote and Yinxiang Biji will be developed in parallel and share much of the code-base, API, and features. The API for each service is also identical, so our SDKs support both services. Sharing features between the two systems differ slightly in the following ways:
- Yinxiang Biji supports public notes, but not public notebooks. Yinxiang Biji users can share notebooks with individual users.
- Users must be logged in to Yinxiang Biji to view public notes.
- Yinxiang Biji does not support sharing to social networks like Facebook and Twitter.
Since the Yinxiang Biji service is completely separate from the existing Evernote service, we built a bootstrapping protocol to help developers' apps work with both sets of users. We explain how bootstrapping works in detail below.
Description of Bootstrapping
For your app to work for users of both Evernote International and Yinxiang Biji, you must implement the bootstrapping protocol.
The concept behind 'bootstrapping' is that it provides a way to know whether a user's account is most likely on evernote.com, yinxiang.com, or if they need to be presented with the option to choose.
The bootstrap server decides this based on a combination of locale and country (determined by IP address). To communicate the result, the bootstrap server returns 1 or more profiles. A choice between services must only be provided to the user if multiple profiles are returned. The selection is necessary for cases where a user is traveling, has a preference for a service, or already had an Evernote account prior to the launch of the Yinxiang Biji service. If only 1 profile is returned, either evernote.com or yinxiang.com will be identified as the service to use.
Your app needs to know this information before showing any Evernote UI since it changes the UI, naming, and branding. The naming and branding differences between Evernote International and Yinxiang Biji are detailed below.
How to Implement Evernote China in Your App when linking to a User's Evernote Account
iOS Developers: currently, the Evernote SDK for iOS will automatically perform the bootstrapping logic if the supportedService parameter is supplied when instantiating EvernoteSession. See the iOS SDK README for more information.
Also, if the Region Format setting (found in the International area under General in the Settings app on iOS) is set to Chinese > China, your app will receive the Evernote China bootstrap profile from the server.
Android Developers: the Evernote SDK for Android will contain similar functionality in an upcoming release.
Web App Developers: you can use the accept-language header in the HTTP request to identify users that should be given a choice between connecting to www.evernote.com or app.yinxiang.com. Unlike other platforms, you do not need to call UserStore.getBootstrapInfo. If the accept-language is 'zh-CN' or 'zh_CN' (regardless of capitalization), the user should be prompted to choose between the two services 'Evernote International' (for Evernote) and '印象笔记' (for Yinxiang Biji). For all other accept-language values, you will only show the Evernote International service.
All Others: we plan to add this feature to other SDKs in the future (as dictated by user demand).
To implement bootstrapping, your app will make a call to UserStore.getBootstrapInfo(), which returns 1 or more service 'profiles' with a BootstrapInfo response. These profiles include a variety of settings - most importantly, the URLs you should use to access the service.
Summary of the Bootstrap Logic for an app:
1. Your app shows a button/link to link a user's Evernote account.
   - If the device locale is Simplified Chinese, the button says 'Link my Yinxiang Biji account' in Chinese.
   - If the device locale is something else, the button says 'Link my Evernote account' in the appropriate language.
2. When the user taps/clicks to link their account, the app calls UserStore.getBootstrapInfo() on one of the 2 hardcoded bootstrap server URLs.
   - If the current locale is Simplified Chinese (zh, zh_CN, zh_Hans, zh_Hans_CN), choose the China bootstrap URL: app.yinxiang.com
   - Otherwise, choose the Evernote International bootstrap URL: www.evernote.com
   When calling UserStore.getBootstrapInfo(), the app will pass in the user's locale as a single [language]_[country] string (see UserStore.getBootstrapInfo() for details).
3. Your app iterates through the returned list of BootstrapInfo.
   If a single service profile is returned:
   - Go to step 4 below.
   If multiple service profiles are returned:
   - Provide some sort of choice/dropdown to the user to allow them to select their service.
   - The preferred profile (i.e. the 1st profile returned) should be shown as the default selection.
   - Once the user selects a service, your app can go to step 4 below.
   Note: when presenting the user with the option to select their service, the names must appear as 'Evernote International' (for Evernote) and '印象笔记' for Yinxiang Biji. Optionally, you can use '我是印象笔记用户' in your UI (which means 'I am a Yinxiang Biji user').
4. Your app initiates the OAuth process using the serviceHost value from the service profile (example profile below — e.g., https://serviceHost/oauth).
Rules for building the UserStore and NoteStore API requests with the service profile settings' values:
- The URL used for OAuth requests is https://serviceHost/oauth.
- The URL used for all subsequent UserStore API requests is assembled by appending “https://serviceHost/edam/user” to the returned EDAM base URL.
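The bootstrap flow summarized above, sketched as an added example (not Evernote SDK code and not part of the original page). The function names, the flattened profile dictionaries and the host allowlist are assumptions made here; the allowlist ensures a tampered or unexpected serviceHost is never used to build the OAuth URL.

```python
# Added example: names below are illustrative, not Evernote SDK API.
MAINLAND_CHINA_LOCALES = {"zh", "zh_cn", "zh_hans", "zh_hans_cn"}
BOOTSTRAP_HOSTS = {"china": "app.yinxiang.com", "intl": "www.evernote.com"}
# Production hosts named on this page; any other serviceHost is refused (assumption).
ALLOWED_SERVICE_HOSTS = {"app.yinxiang.com", "www.evernote.com", "evernote.com"}


def bootstrap_host(locale: str) -> str:
    """Step 2: pick the hardcoded bootstrap server for a device locale."""
    # Accepting '-' separators and any letter case is an assumption of this sketch.
    key = locale.replace("-", "_").lower()
    return BOOTSTRAP_HOSTS["china" if key in MAINLAND_CHINA_LOCALES else "intl"]


def default_profile(profiles: list) -> tuple:
    """Step 3: return (preferred profile, whether the user must be offered a choice)."""
    if not profiles:
        raise ValueError("bootstrap server returned no profiles")
    return profiles[0], len(profiles) > 1


def oauth_url(profile: dict) -> str:
    """Step 4: build the OAuth URL, refusing any serviceHost not on the allowlist."""
    host = profile["serviceHost"].strip().lower()
    if host not in ALLOWED_SERVICE_HOSTS:
        raise ValueError(f"unexpected serviceHost: {host!r}")
    return f"https://{host}/oauth"


# Constructed sample responses mirroring the example profiles on this page.
CHINA = {"name": "Evernote China", "serviceHost": "app.yinxiang.com"}
INTL = {"name": "Evernote Intl", "serviceHost": "evernote.com"}

if __name__ == "__main__":
    for locale, profiles in [("zh_Hans_CN", [CHINA, INTL]), ("en_US", [INTL])]:
        chosen, ask_user = default_profile(profiles)
        print(locale, bootstrap_host(locale), ask_user, oauth_url(chosen))
```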
API Keys and Activation
Apps that implement bootstrapping will need their API Key activated on both production services (evernote.com and yinxiang.com). You may request to have your API Key activated from dev.evernote.com.
Profiles and IP Rules
The table below shows the rules combining IP and locale that the bootstrap server uses in order to return one or more profiles.
IP Origin Country | Locale | Profiles (in order of preference) |
---|---|---|
China | Mainland-China | Evernote China, Evernote Intl |
China | Not Mainland-China | Evernote Intl |
Not China | Mainland-China | Evernote Intl, Evernote China |
Not China | Not Mainland-China | Evernote Intl |
*(“Mainland-China” locales include: zh, zh_CN, zh_Hans, zh_Hans_CN)
Example Service Profiles returned as BootstrapInfo when calling UserStore.getBootstrapInfo()
Evernote China Profile
Setting | Production |
---|---|
marketingUrl | http://yinxiang.com |
serviceHost | app.yinxiang.com |
supportUrl | https://support.yinxiang.com |
accountEmailDomain | m.yinxiang.com |
enableTwitterSharing | False |
enableFacebookSharing | False |
enableSharedNotebooks | False |
enableSingleNoteSharing | False |
enableSponsoredAccounts | False |
enableGiftSubscriptions | False |
Evernote International Profile
Setting | Production |
---|---|
marketingUrl | http://evernote.com |
serviceHost | evernote.com |
supportUrl | http://www.evernote.com/about/contact/support/ |
accountEmailDomain | m.evernote.com |
enableTwitterSharing | True |
enableFacebookSharing | True |
enableSharedNotebooks | True |
enableSingleNoteSharing | True |
enableSponsoredAccounts | True |
enableGiftSubscriptions | True |
Branding Guidelines
The actual naming and branding of the two services is distinct.
Before the login & registration UIs can be complete, the branding of the services must be established. The following are the branding rules for Evernote China and Evernote International.
Company Name: Evernote
Product Name: Evernote International
Product Name (in Simplified Chinese): 印象笔记
Logo Downloads: Evernote International, 印象笔记.
Miscellany
Testing
Note that your app must be connecting to a production server—www.evernote.com or app.yinxiang.com—in order to be sent multiple bootstrap profiles. If your app is configured to connect to sandbox.evernote.com, only the bootstrap profile for Sandbox will be returned (irrespective of your language or locale settings).