If you believe you have found a security vulnerability in Toqen Mobile, please report it privately.
Contact:
Please include:
- a clear description of the issue
- affected component or screen
- reproduction steps
- impact assessment
- logs, screenshots, or proof of concept if available
Please do not publicly disclose security issues before we have had a reasonable opportunity to investigate and address them.
We prefer coordinated disclosure.
This repository includes the mobile client code and related documentation.
Issues that may be relevant include:
- authentication bypass
- QR flow abuse
- replay opportunities
- insecure local storage
- cryptographic misuse
- sensitive data exposure
- build or release integrity issues