Security: parisbs/blindo-vision-android

Security Policy

Supported versions

Blindo Vision is maintained as a single active line. Security fixes target the latest release published on the main branch.

Version                | Supported
Latest release on main | Yes
Older releases         | No

Reporting a vulnerability

Please do not open a public GitHub issue for security problems.

Report vulnerabilities privately through GitHub Security Advisories:

https://github.com/parisbs/blindo-vision-android/security/advisories/new

Include, when possible:

  • A description of the issue and its impact.
  • Steps to reproduce, ideally with a minimal proof of concept.
  • The Android version, device model, and Blindo Vision build affected.
  • Any relevant logs (with personal data redacted).

You can expect:

  • Acknowledgement of your report within 7 days.
  • A first assessment and triage within 14 days.
  • Coordinated disclosure within 90 days, or sooner if a fix is ready.

Scope

In scope:

  • The Blindo Vision Android application source code in this repository.
  • Build and release configuration that ships with the app.

Out of scope:

  • Issues in third-party services the app talks to (notably Microsoft Azure AI Vision). Report those directly to the upstream vendor.
  • Issues in third-party libraries declared in libraries.gradle. Report those to the upstream maintainers; we will track and update affected dependencies when fixes are released.
  • The privacy of screenshots stored locally by the operating system, which is outside the app's control (see README.md).

Safe harbour

Good-faith security research, conducted in accordance with this policy and without violating the privacy of users or degrading the service, is welcome. We will not pursue legal action against researchers who follow this policy.
