Skip to content
AppVault

FILE PR1 / PRESS

Everything a reporter, reviewer, or researcher needs in one page.

AppVault is the iPhone photo and file vault built by Vastflow. This page is the canonical resource for people writing about the app: a factsheet, technical specifications, the privacy posture, who to email, and downloadable brand assets.

UPDATED · 2026-05-16 · REVIEWED BY APPVAULT

FACTSHEET

The thirty-second summary.

Product
AppVault — iPhone & iPad photo / file vault
Publisher
Vastflow
Category
Privacy utility
Platforms
iOS 17+, iPadOS 17+
Distribution
Apple App Store
Architecture
On-device only · No servers · No account
Cipher
AES-256-GCM, unique 96-bit nonce per file
Key derivation
PBKDF2-SHA256 · iOS Keychain ThisDeviceOnly
Recovery
BIP-39 12-word recovery phrase, generated on-device
Pricing
Free (1 file) · Weekly from $3.99 · Yearly from $29.99 with 7-day trial
Languages at launch
9 (en, es, pt-BR, de, fr, it, tr, ja, ar)
Install size
~12 MB
Data collected
Anonymous diagnostics + funnel events (Firebase) — full disclosure on /privacy/

THE STORY

What we built and why it is different

AppVault stores photos, videos, and documents in an AES-256-GCM encrypted container that does not appear in the iOS Photos app, in Spotlight, in iMessage attachments, in AirDrop suggestions, or in any third-party app with photo permission. Files inside the vault exist only as ciphertext on the device.

Three architectural choices separate AppVault from most apps in its category:

  • No account, no servers. Most photo vault apps require an email registration and sync files through company-operated servers. AppVault has neither. There is no backend to subpoena, breach, or shut down.
  • Hardware-bound key. The encryption key derived from the user's pattern is wrapped by a key generated inside the iPhone Secure Enclave. The Enclave key never leaves the chip. A copy of the encrypted vault lifted to a different iPhone will not decrypt even with the correct pattern.
  • Calculator Launcher. AppVault can present on the home screen as a fully functional iOS calculator. A long-press on the equals key followed by the pattern opens the vault. The calculator does arithmetic — it is not a façade. Approved under Apple guideline 4.3 for alternate icons.

What we deliberately do not do

AppVault has no password reset, no support tool that can recover a forgotten pattern, no advertising, no ad-mediation SDKs, no automatic cloud upload, and no cloud backup of vault contents. These are not roadmap items. They are architectural commitments. The cost is that a forgotten pattern without the BIP-39 recovery phrase renders the vault permanently sealed. We accept that cost because every photo-vault breach since 2014 has happened through the recovery surface, not the cryptography. The app does include Firebase Analytics + Crashlytics for anonymous, content-free funnel and crash diagnostics — disclosed in full on the Privacy page — and RevenueCat for subscription receipt validation.

Cryptographic stack — for security writers

Every claim on this site links to a primary source. The stack:

  • Cipher: AES-256-GCM per file with a unique 96-bit nonce — NIST FIPS 197 + RFC 5116
  • Key derivation: PBKDF2-SHA256 with a per-install salt — OWASP recommendation
  • Master key storage: iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnlyApple Platform Security guide
  • Recovery: BIP-39 12-word mnemonic, generated on-device, never transmitted — BIP-0039
  • Catalog: encrypted Hive store. An attacker with raw flash access cannot enumerate files.
  • Backup: vault directory marked NSURLIsExcludedFromBackupKey = YES; excluded from iCloud Backup, iCloud Keychain, and iTunes/Finder backups.
  • Telemetry: Firebase Analytics + Crashlytics for content-free funnel + crash diagnostics; full event list on /privacy/.

The full technical writeup with threat model and audit status lives at appvau.lt/security. We are happy to walk reviewers through the implementation; email [email protected].

CONTACTS

Press and partnership routes.

BRAND ASSETS

Logo, name, color, voice

AppVault is one word, two capitals: AppVault. Not "App Vault", not "Appvault", not "appvault". The lowercase form for URLs is appvau.lt.

The wordmark uses Fraunces at a medium weight. The lock symbol that pairs with it is a circular target with two crosshair tick marks in brass (#c9a961) on ink black (#0a0a0a). The cream paper background is #f5f1e8.

Brand assets in SVG and PNG, plus a one-page editorial photography pack, are available on request. Email [email protected] with a one-line subject and we will send a Dropbox link within a business day.

What we ask of writers

Two requests, both reasonable.

Verify the cryptographic claims before publishing them. Every claim on this site links to a primary source. We are happy to provide additional detail on request, including a walkthrough of the wrapping code, but we ask that reviewers confirm independently rather than restating our copy verbatim.

Do not frame Calculator/Decoy features as deception tools. The features exist for shared-device privacy, customs travel, journalism, legal practice, and medical confidentiality. Framing them as ways to "hide from your spouse" or "trick someone" is inaccurate and harms our App Review standing. We will provide quotes about the actual use cases on request.

GET STARTED

Seal the vault.

Free to download. The free tier holds one file. Premium removes the limit — Weekly from $3.99 or Yearly from $29.99 with a 7-day free trial.