Security
Responsible disclosure and researcher collaboration
WIRESHIELD is built by security people, for security. We treat the research community as allies, not adversaries. If you have found a vulnerability in our app, our website, or our backend, we want to hear from you, and we will work with you in good faith to fix it.
Report a Vulnerability
Email us. Encrypted reports are welcome, and a PGP key is available on request.
- Security: security@fieldresearch.io
- Machine-readable: /.well-known/security.txt (RFC 9116)
Helpful details: a clear description, the steps to reproduce, the affected platform or endpoint, and the impact you believe it has. Proof-of-concept is appreciated but never required to start a conversation.
Scope
- The WIRESHIELD iOS and Android apps, and the Apple Watch and Wear OS companions.
- wireshield.app and its API endpoints.
- Our authentication, subscription, and data-handling paths.
Safe Harbor
We will not pursue legal action against researchers who act in good faith under this policy. Good faith means: you make a reasonable effort to avoid privacy violations, data destruction, and service degradation; you only interact with accounts and devices you own or have explicit permission to test; you do not run automated denial-of-service or volumetric testing; and you give us reasonable time to remediate before any public disclosure.
What to Expect
- We aim to acknowledge your report within 3 business days.
- We will keep you updated as we investigate and remediate.
- With your permission, we credit researchers who report valid issues (see below).
Recognition
We believe in giving credit. If you report a valid issue and would like to be named, we will acknowledge you here. If you prefer to stay anonymous, that is respected.
Out of Scope
- Social engineering of our team, customers, or vendors.
- Physical attacks, and testing against hardware you do not own.
- Findings in third-party services we depend on (report those to the third party).
- Reports from automated scanners with no demonstrated, reproducible impact.
Thank you for helping keep WIRESHIELD users safe. Building category-defining security is a shared effort, and we are glad you are part of it.