GeoLocker

Location-based security for iOS

Lock your most sensitive notes, photos, video and files into vaults tied to a place. Choose biometric vaults protected by the Secure Enclave, or hidden vaults that open with a map spot plus a passphrase and leave no trace they exist. Everything that protects you is free.

Download on the App Store
Learn more Features

See hidden vaults in action

A spot on the map plus a passphrase. Get either one wrong and it looks like there's nothing there.

A closer look

Short clips, captured live from the app.

Vaults tied to a place
Create a vault in seconds
Open a hidden vault

Core Capabilities

Location-Bound Vaults

Each vault is tied to a place. Biometric vaults can require you to be there; hidden vaults bake the spot into the key itself.

In-Person or Map Unlock

Open a vault by being at its location, or, if you allow it, by pointing at the spot on the map.

Hidden (Deniable) Vaults

Opened by a map spot plus a passphrase. A wrong spot or passphrase looks exactly like “nothing here,” so no one can prove a hidden vault exists. Includes decoys and a duress wipe.

Secure Enclave Encryption

Biometric vaults each get their own key, generated in the device’s Secure Enclave and released only by Face ID / Touch ID. AES-256-GCM throughout.

Multiple Vaults

Create separate encrypted vaults for home, work or family. Each one is independent, with its own location and keys.

Configurable Unlock Zones

Set each biometric vault’s unlock radius from 5 to 100 meters, including the device’s reported GPS accuracy.

Notes, Photos, Video & Files

Store text, photos, video, audio recordings and documents with the same encryption.

On-Device & Private

Your vaults never leave the device. No cloud, no accounts, no analytics or tracking. Core security works fully offline.

Most apps protect your data. GeoLocker can hide that it exists.

Plenty of apps encrypt your files. The catch is that the lock is obvious: anyone holding your phone can see you have a vault and pressure you to open it. GeoLocker's hidden vaults take that pressure point away.

A hidden vault opens only with a secret place on the map and a passphrase. Both are mixed straight into the encryption key, so there's nothing stored to check a guess against. Enter the wrong spot or the wrong passphrase and you get the same blank result as a phone with nothing on it. There's no list of vaults, no count, and nothing on the device that hints any exist.

If you're ever forced to open the app, hand over a decoy vault full of harmless notes while your real vaults stay invisible. You can even arm a duress vault that wipes the others the moment it's opened. That's real plausible deniability, and it's free for everyone.

Why the passphrase is hard to crack: Argon2id

Someone who has your phone can still try to guess a hidden vault's passphrase. GeoLocker makes every guess expensive by deriving the key with Argon2id, the algorithm that won the Password Hashing Competition, is standardised as RFC 9106, and is the one OWASP recommends for password storage.

Argon2id is memory-hard: it deliberately needs a large amount of memory for each attempt, which blunts the GPU and ASIC rigs that tear through ordinary hashes. On GeoLocker that means even on-device guessing is slow, so a longer passphrase and a non-obvious spot are genuinely strong. We're honest about the flip side: a short passphrase at an obvious place can still be guessed. The strength is in your hands.

What it protects against, honestly

No overselling. Here's what each situation looks like, and where the limits are.

SituationHow GeoLocker helpsHonest limit
Lost or stolen phone Everything is AES-256-GCM encrypted, stays on the device, and auto-locks when the app goes to the background. Only a risk if the phone is already unlocked with a vault open.
Someone on your unlocked phone Biometric vaults still need Face ID; hidden vaults need the exact spot and passphrase. Someone watching over your shoulder as you open one.
Forced to unlock Hand over a decoy. Real hidden vaults leave no trace, so "there's nothing here" is believable. Biometrics can be compelled; a known spot and passphrase opens the real vault.
Forensic lab extraction Hidden vaults are indistinguishable from random filler, so a routine image reveals nothing about them. A short or obvious passphrase can still be ground down on the device (Argon2id slows this).
iCloud, backup or network Nothing syncs or leaves the device. No servers, no accounts, no analytics. Local-only by design.

The same plain-language breakdown lives inside the app, under Settings.

In the App

A quick look, then screenshots from the iOS app.

GeoLocker map centred on Sydney with vault controls
Your vaults live at real places
Creating a hidden vault with a map spot and passphrase
A hidden vault: spot plus passphrase
Vault contents: notes, photos, video, audio and files
Notes, photos, video and files
An innocuous decoy vault you can hand over
A believable decoy to hand over

Protect what matters most

Your data never leaves your device. No cloud, no accounts. With hidden vaults, the location and passphrase are part of the key itself.

Get GeoLocker on the App Store