If you discover a security vulnerability in VoiceWrite, please report it responsibly:
- DO NOT open a public issue
- Open a private security advisory at GitHub Security Advisories
- Or email the maintainers directly with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
We will respond within 48 hours and work with you to address the issue.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
VoiceWrite is designed with security in mind:
The app never connects to the internet. All speech recognition happens locally using Apple's SpeechAnalyzer API.
VoiceWrite only requests two permissions:
- Microphone — For capturing audio to transcribe
- Accessibility — For typing transcribed text into other apps
- Audio is processed in real-time and immediately discarded
- Transcribed text is only held in memory during the session
- No logs, history, or caches are written to disk
The complete source code is available for audit. We encourage security researchers to review the codebase.
All releases are signed with a Developer ID certificate and notarized by Apple.
- Download from official sources — Only download VoiceWrite from the official GitHub releases or the linked website
- Verify signatures — macOS will verify the app signature on first launch
- Review permissions — Only grant permissions that you're comfortable with