The Seedvault team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please send an email to [email protected] or use the GitHub Security Advisory "Report a Vulnerability" tab.

The Seedvault team will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Due to API breakage in AOSP versions, we have one branch per major AOSP release, e.g. android14 and android15. Note that typically only the latest branch is maintained. This means that fixes for security issues do not get backported to older branches automatically. Please get in touch if you want to maintain an older branch.