Security fixes are made for the latest released version of VoiceType. Please update to the current release before reporting a vulnerability when possible.
Please do not open a public GitHub issue for a suspected vulnerability.
Use the repository's Report a vulnerability flow on GitHub to send a private report. Include the affected version, a clear description of the problem, reproducible steps or a proof of concept, and any suggested mitigation.
If private reporting is unavailable, email
michaelli2005li@gmail.com with the subject
[VoiceType security].
We will acknowledge reports within seven days, assess the impact, and work with you on a responsible disclosure timeline. Please do not publicly disclose the issue until a fix or mitigation is available.
VoiceType handles microphone input, local transcripts, and Accessibility permissions. Reports involving accidental audio/transcript disclosure, unsafe network transmission, permission bypass, code-signing or update integrity are all security reports and should use the private channel above.