- No INTERNET permission — the app cannot make network requests
- No data exfiltration — all card data stays on-device
- Public data only — reads the same data any POS terminal reads
- No card cloning — cannot write to cards or emulate cards
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email the maintainer directly
- Allow reasonable time for a fix before public disclosure
This app reads publicly accessible EMV data per ISO/IEC 7816 and EMV specifications. No encryption is broken. No authentication is bypassed. No private keys are extracted.