Catima is designed to use as little permissions as possible to limit both the attack surface as well as the damage that can be done when abusing a security flaw.
Only the most recent stable release is supported.
Security vulnerabilities can be reported through GitHub Security Advisories or the contact info written on my personal website. Currently, Matrix is the only end-to-end encrypted option.
Please note that only security vulnerabilities in Catima should be reported as stated above. For other issues, including antivirus false positives and malicious applications trying to trick people into granting them Catima's "Read Cards" permission, please use regular issues.