Skip to content

Security: nijanthan-dev/android-simulator-rs

Security

SECURITY.md

Security

This project is designed around a strict local boundary:

  • The web UI sends structured JSON intents only.
  • The Node server owns all child process spawning.
  • Android commands are built as argv arrays with shell: false.
  • The server binds to 127.0.0.1 by default.
  • No Codex app patching.
  • No Codex++ dependency.
  • No private or undocumented Android APIs.
  • No runtime code fetched from the network.
  • No arbitrary filesystem writes from browser input.

There aren't any published security advisories