Skip to content

Security: twofas/2fas-ios

Security

SECURITY.md

Security

At 2FAS, the security is a top priority. If you encounter a potential security issue please report it following the guidelines below.

Reporting Security Issues

If you believe you've discovered a security vulnerability in iOS mobile application, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing security@2fas.com. If possible, please encrypt your message using our PGP key (here)

To help us address the issue quickly, please include the following information:

  • The specific product affected (e.g., iOS app, Android app, Browser Extension, API server, etc.)
  • Type of issue (e.g., unauthorized data access, privilege escalation, etc.)
  • Detailed steps to reproduce the issue
  • Any relevant details about the affected environment (e.g., device model, OS version)
  • Potential impact and any proof-of-concept code, if available

You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report.

Communication Language

We prefer all communications to be in English.

Policy

2FAS adheres to the principles of Coordinated Vulnerability Disclosure.

There aren’t any published security advisories