Security: chirag127/ApexScanner-QR-Code-Reader-React-Native-Mobile-App

.github/SECURITY.md

Security Policy

Supported Versions

We are committed to maintaining a secure and stable application. We actively support and patch the latest stable version of ApexScanner-QR-Code-Reader-React-Native-Mobile-App.

Reporting a Vulnerability

We take all security vulnerabilities seriously. If you discover a security issue, please report it responsibly via one of the following methods:

  1. GitHub Security Advisory: The preferred method is to report through GitHub's Security Advisories. You can create a private vulnerability report here: Create Security Advisory
    • Please provide as much detail as possible, including:
      • A clear description of the vulnerability.
      • Affected component(s) and version(s) (if known).
      • Steps to reproduce the vulnerability.
      • Any potential impact or mitigation suggestions.
  2. Email: If you are unable to use GitHub Security Advisories, you can email our security team at security@apex.example.com. Please use a meaningful subject line (e.g., "Security Vulnerability Report: [Brief Description]").
    • For sensitive communications, please consider encrypting your email using our PGP key (details available on request).

We will acknowledge receipt of your report within 48 hours and aim to provide a status update or timeline for remediation as soon as possible.

Disclosure Timeline

We adhere to a responsible disclosure timeline. After a vulnerability is reported and validated, we will work towards a fix and aim to publicly disclose the issue and its resolution after the fix has been released and is available to users.

Security Practices

  • Code Reviews: All code changes undergo rigorous peer review, with a focus on security best practices.
  • Dependency Scanning: We regularly scan project dependencies for known vulnerabilities using automated tools.
  • Static Analysis: Linters and static analysis tools are integrated into our CI/CD pipeline to catch potential security flaws early.
  • Secure Coding Standards: We follow secure coding guidelines, especially concerning data handling, input validation, and native module interactions.
  • Minimal Permissions: The application requests only the necessary permissions for its core functionality.
  • On-Device Storage: Sensitive data, like scan history, is stored securely on-device using robust solutions like MMKV.

Thank you for helping to keep ApexScanner-QR-Code-Reader-React-Native-Mobile-App secure!

There aren’t any published security advisories