We actively support security updates for the following versions:

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

1. GitHub Security Advisory: Use GitHub's private vulnerability reporting (recommended)
2. Direct Contact: Contact the maintainer directly through GitHub

When reporting a security vulnerability, please include:

• Description: Clear description of the vulnerability
• Impact: Potential impact of the vulnerability
• Steps to Reproduce: Detailed steps to reproduce (if applicable)
• Proof of Concept: If possible, include a proof of concept
• Suggested Fix: If you have ideas for a fix
• Affected Versions: Which versions are affected

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Fix Timeline: Depends on severity, but we aim for:
  • Critical: 7 days
  • High: 30 days
  • Medium: 90 days
  • Low: Next release cycle

We care about your security. Here's how you can stay safe:

• Keep Updated: Always use the latest version of the app
• Official Sources Only: Download only from the App Store or GitHub releases
• Report Issues: If you notice anything suspicious, please report it immediately
• Review Permissions: The app requests minimal permissions (iCloud and Game Center, both optional)

If you're contributing code:

• Review code before submitting
• Follow secure coding practices
• Never commit sensitive information (API keys, passwords, etc.)
• Keep dependencies updated
• Report security concerns through the proper channels

• Local Storage: Game data is stored locally or in iCloud
• No Data Collection: We don't collect user data
• Game Center: Uses Apple's Game Center (subject to Apple's privacy policy)
• iCloud Sync: Uses Apple's iCloud (subject to Apple's privacy policy)

SudoSodoku requests minimal permissions:

• iCloud: For game state synchronization (optional)
• Game Center: For user authentication and achievements (optional)

Current dependencies:

• SwiftUI: Apple framework
• GameKit: Apple framework
• Combine: Apple framework

We aim to minimize third-party dependencies and only use trusted, well-maintained libraries.

None at this time. All known security issues will be listed here once resolved.

Security updates will be:

• Documented in CHANGELOG.md
• Released as patch versions (e.g., 1.0.1, 1.0.2)
• Communicated through GitHub releases
• Prioritized over feature development

We deeply appreciate responsible disclosure of security vulnerabilities. Security researchers and contributors who help keep SudoSodoku secure will be:

• Credited in security advisories (with your permission)
• Acknowledged in release notes
• Listed in this document (if you wish)

• OWASP Mobile Top 10
• Apple Security Documentation
• Swift Security Best Practices

Thank you for helping keep SudoSodoku secure! 🔒