Add red-team security assessment across iOS, Android, and worker stack by jamditis · Pull Request #21 · jamditis/keyjawn

jamditis · 2026-02-21T01:41:15Z

Capture a focused adversarial review of transport/auth, secret custody, and execution trust boundaries across Android, iOS (app + keyboard extension), and the worker backend.
Provide prioritized, actionable remediation and post-fix adversarial test cases to guide secure hardening and CI checks.

Add docs/security/red-team-assessment-2026-02-21.md, a 196-line report with attacker models, seven findings (high-severity SSH trust and key-custody issues called out), remediation guidance, and suggested adversarial tests.
Calls out platform-specific items: iOS host-key verification and Keychain-to-AppGroup key mirroring, Android ScpUploader API footgun, and worker fail-open approval / shell invocation risks.
Includes a prioritized remediation plan and suggested regression/adversarial test cases to prevent regressions.

This is a documentation-only change; no unit tests were modified or required.
Verified the new file was staged and committed with git status --short which showed the new file, and inspected contents with nl -ba docs/security/red-team-assessment-2026-02-21.md | sed -n '1,260p'; both commands completed successfully.
No automated unit/integration tests applicable for this docs-only PR.

Add comprehensive red-team security assessment

3b2d007

jamditis added the codex label Feb 21, 2026 — with ChatGPT Codex Connector

jamditis merged commit ab1f1ef into main Feb 21, 2026
1 check passed

jamditis deleted the codex/conduct-red-team-assessment-for-mobile branch February 21, 2026 01:43

Provide feedback