# Encryption

## Database encryption

### iOS Simulator

For Appfigurate Simulator, we rely upon you and your Mac's security to secure your app metadata records. The database that stores your app metadata records is not encrypted and is located in the host macOS filesystem:

> `~/Library/Application Support/Appfigurate/`

This allows us to share your app metadata records across all iOS Simulators where Appfigurate is installed.

### Physical devices

For device builds (installed from the [Apple App Store](https://apps.apple.com/us/app/appfigurate/id1332575368?ls=1)), the database that stores your app metadata records is encrypted on device.

### Real device cloud testing services

When pre-packaging the local database that stores your app metadata records into the Appfigurate iOS, the database is stored unencrypted in the resulting ipa or apk file. We recommend using wrong app metadata records for development in this scenario.

## App metadata exports & backup

Exported app metadata is secured using the following:

* Passphrase derivation function uses 12-rounds of bcrypt.
* App metadata blob is encrypted with AES256.