Please report suspected security vulnerabilities privately by emailing Glancemap@protonmail.com.

Do not open a public GitHub issue with exploit details, credentials, private tokens, personal data, or location traces. If you are unsure whether something is sensitive, send a short private message first and include only the minimum details needed to establish contact.

Helpful reports include:

• the affected app module or workflow,
• the app version or commit tested,
• device and Android or Wear OS version,
• clear reproduction steps,
• expected and actual behavior,
• logs or screenshots with personal data removed.

The maintainer will acknowledge reports as soon as practical and will coordinate fixes before public disclosure where the issue could affect users.

Security fixes are handled for the current main branch and the latest public release, when a public release exists.

GlanceMap is an offline-first Android and Wear OS project. Reports are most useful when they relate to app code, local phone-to-watch transfer behavior, map/theme file handling, GPX/POI/routing imports, privacy-sensitive diagnostics, or project release infrastructure.

Third-party services, map data providers, Android, Wear OS, and GitHub itself should be reported through their own vulnerability channels.