Please report security or privacy issues privately before opening a public issue. If a dedicated security contact is not configured for the repository yet, use GitHub's private vulnerability reporting when available.
Security-sensitive areas include:
- File import/export handling
- Metadata parsing and writing
- Invocation of external tools such as `exiftool`
- Cached thumbnails, previews, and reverse-geocoding results
- Any future networking or telemetry
Photos can contain sensitive metadata, including GPS coordinates and device serial numbers. Treat metadata handling changes as privacy-sensitive.