| Version | Supported |
|---|---|
| 1.x | ✅ |
If you discover a security vulnerability, please do NOT open a public issue.
Instead, report it privately:
- GitHub Security Advisories — use the "Report a vulnerability" button on the Security tab of this repository.
- Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.
This project runs with root privileges on Android devices. Please pay special attention to:
- Command injection via proxy host/port fields
- Intent API abuse (unauthorized callers)
- Privilege escalation via Magisk module scripts
- Insecure storage of proxy credentials
We follow responsible disclosure. Once a fix is released, we will publicly credit the reporter (unless anonymity is requested).