Merge pull request #17 from JiwaniZakir/fix/15-android-mcp-scores-80-4-100-here-are-3-a

Jeomon · web-flow · commit cf6043da3a42 · 2026-04-04T19:37:21.000+05:30
Fix #15: Android-MCP scores 80.4/100 — here are 3 actions to reach 95.4
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Android-MCP, please report it responsibly.
+
+**Do not open a public GitHub issue for security vulnerabilities.**
+
+Instead, please report security issues by:
+
+1. Opening a [GitHub Security Advisory](https://github.com/CursorTouch/Android-MCP/security/advisories/new) in this repository.
+2. Or emailing the maintainers directly (see the repository profile for contact details).
+
+Please include:
+- A description of the vulnerability and its potential impact.
+- Steps to reproduce the issue.
+- Any suggested mitigations or fixes (optional but appreciated).
+
+We aim to respond to security reports within **72 hours** and will work with you to understand and address the issue promptly.
+
+## Security Considerations
+
+Android-MCP communicates with Android devices over ADB. Please ensure:
+- ADB is only exposed on trusted networks.
+- Devices used with this tool are not connected to untrusted or public networks.
+- Credentials and sensitive data are never passed as plain-text tool arguments in production environments.
