Security: MAITRI137/same-energy-android

Security

SECURITY.md

Security Policy

Supported Versions

Only the current major version of the app receives active security updates.

Version Supported
v1.0.x
< v1.0

Reporting a Vulnerability

We take the security of Same.Energy Android Client seriously. If you believe you have found a security vulnerability in this repository, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them using GitHub's private vulnerability reporting feature. Navigate to the "Security" tab in this repository, click "Advisories", and then "Report a vulnerability".

Alternatively, you can reach out to the project maintainers directly via email if you possess their contact information.

Response Commitments

You can expect the following:

  • We will acknowledge receipt of your vulnerability report within 72 hours.
  • We will send you regular updates about our progress.
  • If your report is accepted, we will coordinate a public disclosure with you so that you get full credit for the discovery.

Out of Scope

The following items are generally out of scope for our security program:

  • Vulnerabilities on the same.energy backend API platform itself (this repository ONLY covers the mobile application).
  • Issues related to third-party packages or the Flutter framework (these should be reported upstream to their respective maintainers).
  • Denial of Service (DoS) attacks on the client.
  • Issues requiring physical access to a user's device or rooted/jailbroken devices.

There aren't any published security advisories