Skip to content

Security Policy

The apkit team takes security seriously and is committed to responsible disclosure. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.

Supported Versions

As a small, open-source project, our resources are limited. Therefore, we can only provide security patches for the most recent version of apkit. Please ensure you are using the latest version before submitting a report.

Reporting a Vulnerability

If you believe you have found a security vulnerability in apkit or any of its related projects (apmodel, apsig), please report it to us privately.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please send an email to cocoa@amase.cc.

Please include the following details with your report:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the vulnerability.
  • Any proof-of-concept code.

Our Commitment

  • We will acknowledge receipt of your vulnerability report as soon as possible.
  • We will work with you to understand and validate the issue.
  • We will work to release a patch in a timely manner.

We thank you for helping to keep apkit and its users safe.