Currently supported versions for security updates:
| Version | Supported |
|---|---|
| 1.5.x | ✅ |
| < 1.5 | ❌ |
We take security seriously. If you discover a security vulnerability, please follow these steps:
Instead:
-
Email: Send details to [your-email@example.com] with subject "Git Store Security Vulnerability"
-
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
-
Response Time:
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Depends on severity
- Download APKs only from official GitHub releases
- Verify APK signatures match our certificate fingerprint
- Keep the app updated to the latest version
- Review permissions before installing
- Never commit sensitive data (API keys, tokens)
- Use environment variables for secrets
- Follow secure coding practices
- Keep dependencies updated
- Security fixes are released as soon as possible
- We credit researchers who report vulnerabilities (if desired)
- Details are disclosed after a fix is available
Git Store implements:
- HTTPS-only connections
- Certificate pinning for API calls
- Secure token storage using Android DataStore
- No tracking or analytics
- Open source code for transparency
Thank you for helping keep Git Store secure! 🔒