Skip to content
AppVault

FILE 02 / CRYPTOGRAPHY

Boring, decades-old, and reviewed in public a thousand times.

AppVault uses standard, audited cryptography. We did not invent anything new. The stack is documented here in full so you can match every bullet against open literature and Apple’s public documentation.

File cipher

Each file in the vault is encrypted with AES-256 in GCM mode using a fresh 96-bit nonce per file. AES-256-GCM is the same primitive the U.S. National Security Agency approves for TOP SECRET material and the same one used by TLS 1.3, signal, WireGuard, and effectively every serious privacy product released in the last decade.

Key derivation

The 5×5 pattern you draw is converted into a high-entropy seed and passed through PBKDF2-SHA256 with a high iteration count and a per-install salt. The resulting key is wrapped by a master key stored in the iOS Keychain with the access flag kSecAttrAccessibleWhenUnlockedThisDeviceOnly — Apple's strongest "do not migrate this" attribute, which keeps the wrapping key off iCloud Keychain and prevents it from restoring onto a different device.

Without the exact pattern, the wrapped key cannot be unwrapped. Without the unwrapped key, the file is mathematically indistinguishable from random bytes.

Recovery

AppVault generates a BIP-39 12-word recovery phrase during onboarding using the standard English BIP-39 wordlist with checksum. The phrase is shown once and is the only off-device survival mechanism — you write it on paper and store it offline. Internally, the phrase derives the same master key, which is why a second device entering the phrase reconstitutes the vault.

Catalog protection

It is not enough to encrypt the files. AppVault also encrypts the catalog — the list of file names, sizes, types, and dates — inside a Hive store opened with an AES-256 encryption key. An attacker with raw access to the device storage cannot see how many files exist, when they were added, or what kind they are.

Transport

Vault contents never leave the device. The vault directory is marked NSURLIsExcludedFromBackupKey = YES, which keeps it out of iCloud Backup and out of iTunes/Finder backups. The only outbound traffic from the app is anonymous, content-free funnel events through Firebase Analytics, and crash diagnostics through Firebase Crashlytics — never file contents, never filenames, never patterns. The complete list of events is on the Privacy page.

What we do not do

We do not run a server that holds user content. We do not store your pattern. We do not have an account database. We have no way to reset your vault. If you forget your pattern and lose the recovery phrase, the vault stays sealed. That is the design.

Audit

A third-party cryptography audit by an established firm is scheduled. Until then, the cipher primitives are taken from well-reviewed libraries: AES-256-GCM via the Dart cryptography package (which delegates to platform APIs), PBKDF2 via pointycastle, and BIP-39 via the canonical bip39 implementation. Each is open-source and reviewed by the wider Dart and cryptography communities. Our wrapping code is documented in our Security Architecture document, available on request.

GET STARTED

Seal the vault.

Free to download. The free tier holds one file. Premium removes the limit — Weekly from $3.99 or Yearly from $29.99 with a 7-day free trial.