Legal
Security Vulnerability Report
How to report a security vulnerability
If you have information about a security vulnerability with a Nothing product or technology, please send an e-mail to g_feedback@nothing.tech.
Encrypt sensitive information using our PGP public key.
Please provide more detailed information, including:
- The products and software versions
- Detailed description
- Information on known exploits
A member of the Nothing Security Team will review your email and contact you to collaborate on resolving the issue.
g_feedback@nothing.tech only collects security vulnerabilities related to Nothing products. If you have other product related issues, please give feedback on https://nothing.tech/pages/contact-support.
PGP Public Keys
Use the public PGP key to encrypt email with sensitive information and to verify that security communications sent by Nothing are genuine.
Active Date: July 4, 2022
Expiration Date: N/A
Key ID: 0xA785B8AA
Key Type: RSA
Key Size: 4096/4096
Fingerprint: 96A4 6E60 11B0 32D9 8D54 B384 F6EF CEC6 A785 B8AA
User ID: g_feedback@nothing.tech
|
Software Updates: We commit to providing software updates to address security vulnerabilities and clearly state the minimum support period for our products, ensuring users’ devices remain secure for the intended lifespan. Here is a Product Model, System version, Date of issue and Support period List: |
|||||||
|
Product name |
Model |
First Released Time |
First Released Version |
Support Period |
Update Period |
Update Frequency |
Update end time |
|
Nothing Phone (1) |
A063 |
2022/6 |
Nothing OS 1.0 (Android 12) |
4 Years |
3 Years |
60 Days |
2025/6 |
|
Nothing Phone (2) |
A065 |
2023/6 |
Nothing OS 2.0 (Android 13) |
4 Years |
3 Years |
60 Days |
2026/6 |
|
Nothing Phone (2a) |
A140 |
2022/12 |
Nothing OS 2.5 (Android 14) |
4 Years |
3 Years |
60 Days |
2025/12 |
|
CMF Watch Pro |
D395 |
2023/9 |
V11.0.0.33 |
1 Year |
210 Days |
60 Days |
2024/4 |