ANONYCORDv3.1GITHUB ↗

5.0SECURITY, PRIVACY, 0 BYTES OUT

The threat model.

Privacy claims are cheap. This page is written the way a threat model should be: what the app stores, where it stores it, who can reach it, and what Anonycord does not protect you from.

5.1WHAT THIS APP IS FOR

Anonycord exists for personal security, documentation, and evidence: recording your own moments, in your own environment, on your own device. That covers a tense encounter you want a record of, a lecture you can’t photograph politely, a dark venue where a lit screen is a nuisance, or an incident where the footage may matter later and a glowing preview would escalate things.

It is not built for, and this project does not endorse, covert surveillance of other people. The discretion exists so that recording your own life doesn’t require announcing it with a lit screen. It is not for hiding a camera from the people you live or work with.

5.2WHAT IS STORED WHERE
DataLocationWho can reach it
Recordings (library destination)The system Photos database, optionally in an Anonycord albumAnything with photo-library access; syncs to iCloud Photos if you have it enabled
Recordings (vault destination)Anonycord’s app sandbox, on-device onlyOnly the vault viewer, behind the system Face ID prompt; invisible to Photos, Files, and other apps
SettingsLocal preferences inside the app containerThe app itself
Accounts, identifiers, analyticsNothing. There is no such data.No one; it is never created
5.3HOW THE VAULT IS GATED

The vault viewer is gated behind the system LocalAuthentication prompt, the same Face ID gate iOS offers banking apps. The app declares NSFaceIDUsageDescription in its build settings, and recordings stored in the vault live inside the app sandbox, which iOS encrypts at rest as part of its standard data protection.

Sandbox storage has a sharp edge, stated plainly in the README and repeated here: vault recordings are removed if the app is deleted or a reinstall goes wrong. If a recording matters, use the Both destination for a visible copy in Photos and a private copy in the vault.

5.4THE NO-TELEMETRY STATEMENT

Anonycord contains no analytics SDK, crash reporter, advertising identifier, or account system, and no networking layer that could carry footage. None of this is a setting that defaults to off; the code simply isn’t there.

  • 0analytics or tracking SDKs
  • 0accounts or sign-ins
  • 0servers receiving footage
  • 0bytes of telemetry, ever

You do not have to take this page’s word for it: the source is public under GPL-3.0, every release is built from that source by a public CI workflow, and you can build the app yourself in Xcode and diff the behaviour.

5.5WHAT IT DOES AND DOES NOT PROTECT AGAINST
PROTECTS AGAINST
  • A lit screen giving away that you are recording your own surroundings
  • Casual inspection of your phone: vault recordings appear nowhere in Photos or Files
  • Other apps with photo-library permission reading your vaulted footage
  • Cloud exposure of vault recordings: they are never uploaded anywhere
DOES NOT PROTECT AGAINST
  • Someone who can unlock your device and pass the Face ID prompt: the vault is a gate, not a separate cryptographic enclave
  • iCloud sync of Library-destination saves: those are normal Photos assets by design
  • Forensic extraction of an unlocked device, or legal compulsion to unlock it
  • Loss of vault contents if the app is deleted: documented behaviour, not a surprise
5.6RESPONSIBLE USE

Recording laws are real, they vary enormously, and they are your responsibility. Some jurisdictions allow recording anything you can lawfully see or hear; others require the consent of one party, or of everyone involved; audio is often regulated more strictly than video. Know your local law before you press record.

Use Anonycord to document your own environment and your own evidence. Do not use it to record people in places or situations where they are entitled to privacy. A dark screen doesn’t change what the camera and microphone are doing, and it doesn’t change your obligations to the people around you.

5.7VERIFY IT YOURSELF
  1. 01

    Read the source: jackghx/Anonycord, GPL-3.0, forked from c22dev/Anonycord.

  2. 02

    Watch the build: build.yml on GitHub Actions produces every release IPA from the tagged source, unsigned, with public logs.

  3. 03

    Check the digest: each release asset publishes a SHA-256 hash. Hash your download and compare before you sideload.

  4. 04

    Or trust no one: open Anonycord.xcodeproj in Xcode and run it on your own device. The simulator can’t use the camera, volume buttons, or Face ID; a physical device is required.