We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| Latest | Yes |
| < 1.0 | No |
We take the security of PyTorch Android Mobile Application seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- Email: Contact the repository owner directly through GitHub
- Private Security Advisory: Use GitHub's private vulnerability reporting feature
Please include the following information:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Status Update: Every 7 days until resolved
- Fix Timeline: Varies based on severity
  - Critical: 7 days
  - High: 30 days
  - Medium: 90 days
  - Low: Best effort
- Acknowledgment - We'll confirm receipt of your report
- Investigation - We'll investigate and validate the issue
- Resolution - We'll work on a fix
- Disclosure - We'll coordinate disclosure with you
- Credit - We'll publicly thank you (if you wish)
When using this application:
- Only download models from trusted sources
- Keep the app updated to the latest version
- Review app permissions before granting
- Don't process sensitive or personal images if privacy is a concern
- Be aware that on-device processing means your images stay on your device
- Validate all inputs from the model
- Use secure model loading practices
- Implement proper error handling
- Keep dependencies up to date
- Follow Android security best practices
- Use ProGuard/R8 for release builds
- Implement certificate pinning if networking is added
- Model Integrity: Always verify the source of PyTorch models
- Model Tampering: Models should be downloaded from trusted sources only
- Adversarial Attacks: Be aware that ML models can be fooled by adversarial examples
This app requires:
- `READ_EXTERNAL_STORAGE` - To read images from gallery
- No network permissions (fully offline)
- All image processing happens on-device
- No data is sent to external servers
- Images are not stored or logged by the app
We appreciate security researchers who help us keep this project secure:
No vulnerabilities reported yet - be the first!
- We follow coordinated disclosure
- We aim to patch vulnerabilities before public disclosure
- We'll credit security researchers (with permission)
- We'll publish security advisories for significant issues
We support safe harbor for security researchers who:
- Make a good faith effort to avoid privacy violations
- Only interact with accounts you own or with explicit permission
- Do not exploit vulnerabilities beyond demonstration
- Report vulnerabilities promptly
- Keep vulnerabilities confidential until they are resolved
Thank you for helping keep PyTorch Android Mobile Application and its users safe!