If you find a security issue, please report it privately instead of opening a public issue.
Use GitHub's private reporting: go to the Security tab of this repo and choose Report a vulnerability. That keeps the details private until there's a fix.
Please include what you found, how to reproduce it, and what an attacker could do with it. I'll respond as soon as I reasonably can.
FocusForce+ runs entirely on your device. It has no servers, no accounts, and no internet permission, so the usual network attack surface doesn't exist. The things worth reporting are more like: a way for another app to read FocusForce+ data it shouldn't, a way to bypass a lock that's supposed to hold, or a crash that can be triggered from outside the app.
This is a beta, so only the latest release gets fixes. Please test against the newest version before reporting.