Skip to content

Security: karOS555/FocusForcePlus

Security

SECURITY.md

Security Policy

Reporting a vulnerability

If you find a security issue, please report it privately instead of opening a public issue.

Use GitHub's private reporting: go to the Security tab of this repo and choose Report a vulnerability. That keeps the details private until there's a fix.

Please include what you found, how to reproduce it, and what an attacker could do with it. I'll respond as soon as I reasonably can.

Scope

FocusForce+ runs entirely on your device. It has no servers, no accounts, and no internet permission, so the usual network attack surface doesn't exist. The things worth reporting are more like: a way for another app to read FocusForce+ data it shouldn't, a way to bypass a lock that's supposed to hold, or a crash that can be triggered from outside the app.

Supported versions

This is a beta, so only the latest release gets fixes. Please test against the newest version before reporting.

There aren't any published security advisories