Security

Security

• Treat imported URIs and JSON as untrusted.
• Validate before starting.
• Bind proxy inbounds to loopback unless remote access is intentional.
• Protect logs and geo assets with restrictive permissions.
• Never expose the internal StatsService.
• Verify package checksums.
• Match library and process architectures.
• Stop before unloading.
• Remove credentials from logs, crash reports, and analytics.
• Keep blocking network operations away from privileged UI paths.

V2Root Core is a local proxy library. System-wide proxy configuration remains the responsibility of the host application.