Summary
The public homepage tells users that APN needs no signup and no email because the password is generated on-device, but the repository README still tells testers to "sign in" before testing.
For a tester following the README first, "sign in" implies an account/login step that the public product copy explicitly says does not exist. This creates a confusing first-run test path before the user even reaches the connection/server-switching scenarios APN wants tested.
Steps to reproduce
-
Open https://apn.tech/.
-
Read the install section: No signup, no email — password generated on-device.
-
Open this repository's README.md.
-
In What to Test, read the first instruction:
Install the app, sign in, connect to a few servers, and try to break things.
Actual result
The public product page says there is no signup/email account flow, while the tester README instructs people to sign in.
Expected result
The README should match the actual product flow. For example:
Install the app, open it, let it generate the on-device password, connect to a few servers, and try to break things.
Or, if a login step is required on some clients, the README should name the exact credential flow so testers know what to do.
Impact
This is a low-severity documentation/UX bug, but it affects the bug bounty intake path: new testers may waste time looking for an account flow, confuse login with signup, or omit first-run details from reports because the documented setup path does not match the public product promise.
Duplicate check
Searched existing issues for sign in, signup, no signup, no email, login, and password generated; I did not find an existing report for this README mismatch.
Environment
Observed on June 26, 2026 using the public APN homepage and the current master branch README. No login, account, app installation, or private testing was used.
Reward address
If this is accepted and reward-eligible, payout can go to USDT ERC-20 on Ethereum mainnet:
0x06f44f4839fd5df4f4670036d028b29dec939363
Summary
The public homepage tells users that APN needs no signup and no email because the password is generated on-device, but the repository README still tells testers to "sign in" before testing.
For a tester following the README first, "sign in" implies an account/login step that the public product copy explicitly says does not exist. This creates a confusing first-run test path before the user even reaches the connection/server-switching scenarios APN wants tested.
Steps to reproduce
Open
https://apn.tech/.Read the install section:
No signup, no email — password generated on-device.Open this repository's
README.md.In
What to Test, read the first instruction:Actual result
The public product page says there is no signup/email account flow, while the tester README instructs people to sign in.
Expected result
The README should match the actual product flow. For example:
Or, if a login step is required on some clients, the README should name the exact credential flow so testers know what to do.
Impact
This is a low-severity documentation/UX bug, but it affects the bug bounty intake path: new testers may waste time looking for an account flow, confuse login with signup, or omit first-run details from reports because the documented setup path does not match the public product promise.
Duplicate check
Searched existing issues for
sign in,signup,no signup,no email,login, andpassword generated; I did not find an existing report for this README mismatch.Environment
Observed on June 26, 2026 using the public APN homepage and the current
masterbranch README. No login, account, app installation, or private testing was used.Reward address
If this is accepted and reward-eligible, payout can go to USDT ERC-20 on Ethereum mainnet:
0x06f44f4839fd5df4f4670036d028b29dec939363