We take the security and privacy of Secure Dialer extremely seriously. Because we handle critical user data (contacts, call logs) entirely on-device with zero internet permission, our attack surface is significantly minimized.
The following versions of Secure Dialer are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
If you discover a security vulnerability or privacy leak within this repository, please do not open a public GitHub issue. Publicly disclosing a vulnerability can expose users to unnecessary risks.
Instead, please report the vulnerability through one of the following methods:
- GitHub Security Advisories: Navigate to the "Security" tab of this repository and click "Report a vulnerability" to submit a private draft.
- Direct Email: Contact the maintainers at
movstore.online@gmail.com.
To help us investigate and patch the issue quickly, please include:
- A detailed description of the vulnerability.
- Clear, step-by-step instructions to reproduce the issue (and a proof-of-concept script/app if available).
- The potential impact (e.g., local privilege escalation, unauthorized permission bypass).
- The Android OS version and device model on which you reproduced the issue.
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Triage & Fix: We will keep you updated as we investigate, verify, and develop a patch for the issue.
- Disclosure: Once a patch is released, we will publicly disclose the vulnerability and credit you for your responsible disclosure (if desired).
As a fundamental security architecture of Secure Dialer, this application does not declare the android.permission.INTERNET permission.
- This means the app is physically incapable of transmitting any data (contacts, logs, numbers dialed) over the web.
- This is our core cryptographic and OS-level guarantee of your privacy.