Security contact
Email: security@arxsilex.de
The technical reporting channel is also published at /.well-known/security.txt.
Security
Security
This page explains how to report security vulnerabilities in ArxSilex MapTools, how security updates are communicated and which device, radio and sensor limits apply.
Updated: June 12, 2026
Contact
Report a vulnerability
Please report possible vulnerabilities confidentially so they can be reviewed and fixed before technical details are made public.
Normal support
For usage questions, feature requests and general app support, use support@arxsilex.de or the support page.
Privacy
For GDPR and privacy requests, use privacy@arxsilex.de.
Scope
What should be reported
Relevant reports include security issues that may affect app data, device functions, import/export paths or the website.
App and data
Issues in local storage, backup/restore, project files, exports, sharing, QR codes, import formats or permission flows.
Nearby features
Issues involving BLE groups, Remote ID reception, Wi-Fi/BLE processing, live features, location processing, camera, AR/LiveView or sensors.
Website
Security issues on the app website, linked files, redirects, forms or published metadata.
Report details
Information that helps
The more precise the report is, the faster it can be assessed and reproduced.
| Information | Why it helps |
|---|---|
| App version and source | For example Google Play version, test version or a specific build/version number. |
| Android version and device | Many security and radio features depend on Android version, device vendor, sensors, Bluetooth and Wi-Fi. |
| Affected feature | For example import, backup, QR code, BLE group, Remote ID, map, export, sharing or website. |
| Steps to reproduce | Short reproducible steps plus expected and actual behavior. |
| Impact | Which data, permissions or functions could be affected? |
| Evidence | Screenshots, logs or sample files only if they do not contain unnecessary personal data. |
Disclosure
Coordinated disclosure
Please test only in controlled environments and without affecting other people's data, accounts or devices.
Report confidentially
Please do not publish technical details until feedback has been provided or a fix is available.
No disruption
Please do not perform DDoS, spam, social engineering, phishing or destructive tests.
Data minimization
Please do not access, store or share other people's personal data. If such data appears accidentally, redact it in the report.
Updates
Supported versions and security updates
ArxSilex MapTools is distributed through Google Play. Security-relevant changes are listed there and in the app changelog where this can be done without unnecessary risk.
Supported version
Support generally applies to the current version available through Google Play. Older versions cannot be supported indefinitely for security reasons.
Install updates
Install app updates promptly through Google Play, especially when the changelog mentions fixes or security improvements.
Known limits
GPS, BLE, Wi-Fi, drone Remote ID, AR/LiveView and sensor features depend on the device, Android version, permissions, radio environment and data sources.
Protection
App security principles
The app is local-first and uses Android security mechanisms. Individual features may still export, share or exchange data by radio when users actively use them.
Local first
Projects, map objects, tracks, offline data, backups and Remote ID data are generally processed locally. There is currently no app-operated cloud sync.
Android model
Location, camera, Bluetooth, nearby devices, notifications and foreground services are controlled through Android permissions and visible system features.
Transport and backups
Online services are used over HTTPS where provided by the provider. Manual backups can be encrypted with password protection.
No ads/analytics
The checked app version does not use an app-owned advertising platform, Firebase Analytics, Google Analytics, Crashlytics or AdMob.
Related
Related pages
Further information about updates, privacy and data processing is available on these pages.