From 1df21568f13ea01d3d06859e453b8a2d31752e43 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 27 May 2020 19:11:43 -0400 Subject: [PATCH] add README based on release notes --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..3d756a5 --- /dev/null +++ b/README.md @@ -0,0 +1,11 @@ +Simple Android PDF viewer based on pdf.js and content providers. The app +doesn't require any permissions. The PDF stream is fed into the sandboxed +WebView without giving it access to content or files. Content-Security-Policy +is used to enforce that the JavaScript and styling properties within the +WebView are entirely static content from the apk assets. It reuses the hardened +Chromium rendering stack while only exposing a tiny subset of the attack +surface compared to actual web content. The PDF rendering code itself is memory +safe with dynamic code evaluation disabled, and even if an attacker did gain +code execution by exploiting the underlying web rendering engine, they're +within the Chromium renderer sandbox with no access to the network (unlike a +browser), files, or other content.
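Review bot: The security claims in the added README.md text are stated without pointing at what enforces them, which makes them hard for a reader to verify. For the sentence on Content-Security-Policy and the closing claim that the renderer has "no access to the network", consider naming the file or setting in the tree where each is configured. It would also help to say whether the no-network property follows from the app requiring no permissions (first sentence) or from a separate mechanism. Likewise, "memory safe with dynamic code evaluation disabled" would be clearer if it said where evaluation is disabled, since the text ties static-content enforcement to the CSP but does not say what disables evaluation. As a smaller style point, the file opens straight into the description with no title line; a heading with the project name would make the README easier to recognize when rendered.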