Currently supported versions of Year Dots:

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability, please report it via:

Email: krishanaindia773@gmail.com

GitHub Security Advisories: https://github.com/ikrishanaa/Yeardots/security/advisories/new

What to include:

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit or direct URL)
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

Response Timeline:

• We will acknowledge your report within 48 hours
• We will provide a detailed response within 7 days
• We will notify you when the vulnerability is fixed

Year Dots follows these security practices:

• No internet permission - App operates 100% offline
• No analytics or tracking - Zero data collection
• Local storage only - Settings stored in encrypted DataStore
• Minimal permissions - Only wallpaper access required

• Regular dependency updates
• No third-party libraries with known vulnerabilities
• Code reviews for all changes
• Signed releases to prevent tampering

• Security vulnerabilities will be disclosed after a fix is released
• Credit will be given to reporters (unless anonymity is requested)
• CVE IDs will be requested for critical vulnerabilities

Thank you for helping keep Year Dots and its users safe!