Project-Curtana covers Android flashing operations that can wipe data, expose logs, or alter device partitions. Treat every report involving unsafe defaults, command injection, wrong-device flashing, checksum bypass, or private data leakage as security-relevant.

Supported versions:

Report privately when a bug could cause data loss, wrong partition writes, unsafe relock guidance, command injection, or leakage of serial numbers, IMEI values, account identifiers, or personal files.

See the full policy at docs/SECURITY.md.