AppVault

FILE S0 / SECURITY

Every claim on this site, checkable against a public source.

A privacy app you cannot inspect is a privacy app you should not trust. This page lays out exactly what AppVault protects against, what it does not protect against, and the references against which every cryptographic claim on appvau.lt can be independently verified.

UPDATED · 2026-05-16 · REVIEWED BY APPVAULT

THREAT MODEL

Who AppVault is designed to defend against — and who it is not.

DEFENDS AGAINST

  • Casual access by a familiar party. A partner, child, or coworker picks up your unlocked phone. The Photos app shows nothing. The Hidden album shows nothing. AppVault appears as a calculator (with the Calculator Launcher enabled).
  • A lost or stolen device. A finder unlocks the phone with a known passcode. The Photos app is empty of the protected material. The vault holds, because the vault key is the pattern — not the phone passcode.
  • Visual inspection at a border. An officer scrolls the camera roll. Sensitive documents are not in it. The vault, if visible at all, looks like a calculator.
  • Forensic extraction without the pattern. A forensic tool images the device. The vault container is on disk but cannot be decrypted without the pattern; even the catalog of file names is sealed.
  • Mass surveillance and server breach. We do not operate a server with your data. There is no breach surface on our end. The optional Encrypted iCloud Backup uploads only ciphertext sealed with a separate per-device backup key.

DOES NOT DEFEND AGAINST

  • A coerced unlock. If you are forced to draw the pattern, the vault opens. The Decoy Vault offers some plausible deniability, but a determined adversary who already knows two patterns exist is outside the model we sell.
  • A compromised device. If iOS itself is jailbroken or running an active spyware payload (Pegasus-class attacks), no app-level vault is sufficient. AppVault is not a substitute for keeping iOS patched.
  • A forgotten pattern. There is no recovery process. If you forget the pattern and did not write down the recovery passphrase, the vault stays sealed. We cannot help. This is the design.
  • Lawful access requests. We comply with lawful orders. We hold no data about you, so an order produces nothing — but if a court orders you personally to unlock the vault, AppVault provides no technical defense against that order.
  • A future cryptographic break. AES-256-GCM is the strongest practical cipher published today, but no cryptography is provably secure against future advances. We will update the stack when the wider cryptography community moves.

REFERENCES

Every cryptographic claim on this site links to a primary source.

AUDIT STATUS

Independent review

AppVault’s cryptography stack is built on Apple’s CryptoKit framework, which is itself open-sourced under the Swift project and continuously reviewed by Apple’s security engineering team and external cryptographers. Our wrapping code — the small layer between user patterns and the framework — is the part that benefits most from independent review.

We have scheduled a third-party cryptographic audit with an established firm. We will publish the audit report in full on this page when it completes. Until then, our Security Architecture document is available on request to journalists, academic researchers, and serious customer-side reviewers — write to [email protected].

Responsible disclosure

If you discover a security issue in AppVault, write to [email protected] with a clear reproduction. We respond within 72 hours, acknowledge within 5 business days, and credit reporters in the patched release notes unless asked not to.

We do not yet run a paid bug bounty. We will acknowledge significant findings with a public credit and, where possible, a thank-you payment.

What we have not done

We have not been audited yet. We have not been formally certified for HIPAA, SOC 2, ISO 27001, or any other compliance framework — AppVault is a consumer privacy utility, not an enterprise tool. We do not make compliance claims we cannot back. If you require a certified vault for a regulated workflow (medical imaging, legal e-discovery, classified material), AppVault is the wrong tool. Use a certified system.
