We release patches for security vulnerabilities in the following versions:

| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |

We recommend always using the latest version of Notice from the Google Play Store or building from the latest source.

We take security seriously at Notice. If you discover a security vulnerability, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to the repository owner or through GitHub's private vulnerability reporting feature:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the form with details about the vulnerability

Please include the following information:
- Type of vulnerability (e.g., data exposure, permission bypass, etc.)
- Full path of the affected source file(s)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact assessment

Response timeline:

- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days (depending on complexity)

What to expect after you report:

- Acknowledgment: We'll confirm receipt of your report
- Investigation: We'll investigate and validate the issue
- Updates: We'll keep you informed of our progress
- Fix: We'll work on a fix and coordinate disclosure
- Credit: With your permission, we'll credit you in the release notes

Notice is built with privacy as a core principle:
- No Network Access: The app does not connect to the internet
- On-Device Storage: All data remains on your device
- No Analytics: No tracking, telemetry, or data collection
- Open Source: Full transparency through open source code

Notice requires the following Android permissions:

- Notification Listener: Required to read notification history
- Storage (optional): Only if you choose to export data

Data handling:

- Notification data is processed and stored locally only
- No data is transmitted to external servers
- Users have full control over their data

If you're contributing to Notice:
- Never add network capabilities without explicit approval
- Never add analytics or tracking of any kind
- Review dependencies for security issues before adding
- Follow secure coding practices
- Keep dependencies updated to patch known vulnerabilities

We regularly audit our dependencies for security vulnerabilities using:
- GitHub Dependabot alerts
- npm/pnpm audit

For security concerns, you can also reach out through:
- GitHub Security Advisories
- Opening a private security report on GitHub

Thank you for helping keep Notice secure! 🔒