You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+14Lines changed: 14 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,6 +44,20 @@ CleanSlate requires the following permissions for full functionality:
44
44
CleanSlate ensures your data is securely erased and inaccessible to unauthorized users. It does not store or share user data without consent.
45
45
https://cleanslate.mobi/privacy
46
46
47
+
## 🔒 Security Features
48
+
49
+
| Feature | Status |
50
+
|--------|--------|
51
+
|**Implement a wipe token**: Each user should generate a local-only encrypted token during setup, used to validate remote wipe requests. This token is never stored on your server. | ✅ Complete |
52
+
|**Strip debug metadata before production** (`minifyEnabled true` and remove `DebugProbesKt.bin`). | ✅ Complete |
53
+
|**Make remote wipe command decryptable only by the app (client-side).**| ✅ Complete |
54
+
|**Show clear user onboarding before enabling Device Admin, explaining its impact.**| ✅ Complete |
55
+
|**Disable Firebase Analytics and tracking features in production.** <br> _Replaced with secure WebSocket._| ✅ Complete |
56
+
|**Provide an activity log within the app to show received remote commands.**| ✅ Complete |
57
+
|**Use self-hosted FCM alternatives (like ntfy.sh) or open-source push systems if needed.** <br> _Replaced with secure WebSocket._| ✅ Complete |
58
+
|**Ensure app cannot silently wipe without visible confirmation unless explicitly set by user.**| ✅ Complete |
59
+
60
+
47
61
## Contributing
48
62
49
63
Contributions are welcome! Follow these steps to contribute:
0 commit comments