From c1aef8980f0db7ec151dbaa1497c7f5192a6532a Mon Sep 17 00:00:00 2001
From: Jean-Baptiste <jeanbaptiste.charron@outlook.fr>
Date: Sat, 20 Dec 2025 15:12:13 +0100
Subject: [PATCH] [doc] Create an security markdown file

Signed-off-by: Jean-Baptiste <jeanbaptiste.charron@outlook.fr>
---
 SECURITY.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..afc612b4b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+## Reporting Vulnerabilities
+You can report a security vulnerability by creating an issue or send mail to security@comaps.app
+
+## Verifying Fingerprints
+
+To [verify](https://developer.android.com/studio/command-line/apksigner#usage-verify) the APK, use the following signing certificate fingerprints:
+```
+SHA-256: 4894e8e6963627ef660031d8593fe77297f835acb4e23810003e926135023b4c
+SHA-1: 8b7b5739f917e9f7c681671ced0c9c8562123ade
+MD5: 9cce0ffea281dc2f0e0a154d6d2e281e
+```
+
+To verify CoMaps via [AppVerifier](https://github.com/soupslurpr/AppVerifier), use the following signing certificate fingerprint:
+```
+app.comaps
+48:94:E8:E6:96:36:27:EF:66:00:31:D8:59:3F:E7:72:97:F8:35:AC:B4:E2:38:10:00:3E:92:61:35:02:3B:4C
+```