Only the latest release on the App Store is actively maintained.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
Please do not report security vulnerabilities through public GitHub issues.
Instead, open a GitHub Security Advisory or send a private message to the repository owner.
When reporting, please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- The iOS version and app version where the issue was observed
You can expect an acknowledgement within 7 days. If the vulnerability is confirmed, a fix will be prioritised for the next release.
Issues in scope:
- Authentication or session handling flaws
- Data leakage (user health data, training data, credentials)
- Insecure data storage on-device
- Firebase security rule misconfigurations that expose user data
Out of scope:
- Attacks requiring physical access to an unlocked device
- Denial-of-service via excessive API calls
- Issues in third-party SDKs (Firebase, etc.) — report those upstream
ulTrain stores training and health data in Firebase Firestore, scoped per authenticated user. No health data is shared with third parties. See the Privacy Policy linked from the App Store listing for full details.