If you discover a security vulnerability in Amber, please report it responsibly.
Email: edengilbertus@proton.me
Please include:
- A description of the vulnerability
- Steps to reproduce it
- Any potential impact you've identified
We will acknowledge receipt within 48 hours and aim to provide an initial assessment within one week.
Amber is a local analysis tool — it processes APK files on your machine and does not include network services, authentication, or remote data storage. Security concerns are most likely to involve:
- Maliciously crafted APK/DEX inputs causing unexpected behavior
- Path traversal or file overwrite during project synthesis
- Dependency vulnerabilities in the build chain
We will coordinate with you on disclosure timing once a fix is available. We appreciate responsible disclosure and will credit reporters in the changelog unless they prefer to remain anonymous.