Security at AppMD
You're handing us binaries. We treat them accordingly: isolated, encrypted, and never used to train public models.
Encryption everywhere
TLS in transit and AES-256 at rest for uploads, artifacts, and metadata.
Isolated analysis
Every APK is unpacked and analyzed in a single-tenant, ephemeral sandbox.
Access control
SSO, SAML, and role-based access on Team and Enterprise plans.
Compliance
SOC 2 Type II. DPA and security reviews available for Enterprise.
Audit logging
Immutable logs of access and actions, exportable for your own SIEM.
Least privilege
Scoped internal access, hardware-backed keys, and regular review.
Responsible disclosure
We welcome reports from security researchers. If you believe you’ve found a vulnerability, email security@appmd.dev with steps to reproduce. Please give us a reasonable window to remediate before public disclosure. We do not pursue legal action against good-faith research that respects our users’ privacy and data.
Data handling
Uploaded applications are used solely to produce your analysis. They are encrypted at rest, processed in isolation, and deleted on your schedule. We never sell uploaded files, and proprietary binaries are never used to train public models.
Request documentation
Enterprise customers can request our SOC 2 report, penetration-test summaries, and a completed security questionnaire. Contact security@appmd.dev.