The app depends on Android framework code, so fixing most reported security issues from scanning can only be fixed when the Android framework was updated accordingly.

If you found a vulnerability in the app, privately report it via GitHub using this link.