diff --git a/App-Security.md b/App-Security.md
index b571cb7..4a69d0d 100644
--- a/App-Security.md
+++ b/App-Security.md
@@ -23,8 +23,8 @@ From ``./lint --show AllowBackup``:
 
 ### Anyone can delete my secret keys!
 Yes.
-    * Anyone can simply delete the app data from Android OS without a passphrase
-    * Asking for a passphrase before delete would prevent you from deleting keys where you forgot your passphrase
+* Anyone can simply delete the app data from Android OS without a passphrase
+* Asking for a passphrase before delete would prevent you from deleting keys where you forgot your passphrase
 
 ### Why ask for passphrase when exporting?
 It is not required cryptographically, but prevents simple stealing of your keys.