Trust

Security at AppMD

You're handing us binaries. We treat them accordingly: isolated, encrypted, and never used to train public models.

Encryption everywhere

TLS in transit and AES-256 at rest for uploads, artifacts, and metadata.

Isolated analysis

Every APK is unpacked and analyzed in a single-tenant, ephemeral sandbox.

Access control

SSO, SAML, and role-based access on Team and Enterprise plans.

Compliance

SOC 2 Type II. DPA and security reviews available for Enterprise.

Audit logging

Immutable logs of access and actions, exportable for your own SIEM.

Least privilege

Scoped internal access, hardware-backed keys, and regular review.

Responsible disclosure

We welcome reports from security researchers. If you believe you’ve found a vulnerability, email security@appmd.dev with steps to reproduce. Please give us a reasonable window to remediate before public disclosure. We do not pursue legal action against good-faith research that respects our users’ privacy and data.

Data handling

Uploaded applications are used solely to produce your analysis. They are encrypted at rest, processed in isolation, and deleted on your schedule. We never sell uploaded files, and proprietary binaries are never used to train public models.

Request documentation

Enterprise customers can request our SOC 2 report, penetration-test summaries, and a completed security questionnaire. Contact security@appmd.dev.