AutoDND is a small open-source app with no backend, no user accounts, and no internet access. If you find a security issue, please do not open a public GitHub issue.

Instead, report it privately via GitHub's Security Advisories.

Include:

• A description of the vulnerability
• Steps to reproduce
• Potential impact

You can expect an acknowledgement within 72 hours and a fix or decision within 14 days.

In scope:

• Local privilege escalation via the foreground service
• DND bypass or unintended activation
• Data leakage from the Room database or DataStore

Out of scope:

• Issues requiring physical device access
• Android OS-level vulnerabilities
• Social engineering