Open Source — Aperture

Open Source

Don't trust.
Verify.

Every line of Aperture is public. Read it, build it, and confirm the app on your phone is exactly the app we published.

View on GitHub See it in action →

Security through transparency

A wallet asks you to trust it with everything you own. We believe that trust has to be earned in the open, not asserted in a marketing page. Every part of Aperture that touches your keys or your funds is published for anyone — independent researchers, auditors, or you — to read, run, and challenge. Security by obscurity protects no one; security you can inspect protects everyone.

What is public

Not a stripped-down "core" — the whole app. The public repository contains:

  • the complete iOS and iPadOS client and its entire user interface;
  • key generation, seed derivation (BIP-39 / BIP-32), and the Secure Enclave integration;
  • transaction construction, fee estimation, and signing for every supported network;
  • the networking layer — exactly which servers the app contacts, and why;
  • the build scripts and release pipeline that produce the App Store binary.

There are no closed-source SDKs, no hidden binaries, and no proprietary service sitting between you and the blockchain.

What you can verify for yourself

Because the source is complete, you can confirm the claims the rest of this site makes — rather than take our word. You can trace that private keys are created with well-reviewed cryptographic libraries and sealed in the Secure Enclave; that they are never serialized, logged, or sent over the network; that the app contains no analytics, telemetry, or advertising code; and precisely which third-party endpoints are contacted to read balances and broadcast transactions.

Reproducible builds

Open source only matters if the app on your phone is the app in the repository. Aperture's releases are deterministic: building the tagged source produces a binary that matches what we ship, so you can compare the hash of your own build against the published release. "Open source" is not a promise about some other code — it is the code running on your device.

Build it yourself

Clone the repository and build with a single command. The verify target rebuilds a release and diffs it against the published binary. Full instructions live in the README.

$ git clone https://github.com/devdasx/aperture.git
$ cd aperture
$ make verify

A public, append-only history

Nothing is edited quietly. Every change is a public commit, every release is a signed and dated tag, and the full history is there for anyone to audit. If a line that handles your keys changes, you can see who changed it, when, and why.

Minimal dependencies

Every dependency is code you have to trust, so we keep the list short. Aperture leans on a small set of well-established, pinned libraries — each reviewable in the build manifest — and ships with no advertising, analytics, or attribution SDKs of any kind.

The license

Aperture is released under the GPL-3.0 license. You are free to use, study, share, and modify it — and any distributed derivative must stay open under the same terms, so the wallet can never quietly become a closed box. The license text lives in the repository and governs your rights in the code.

Independent audits

Aperture is reviewed by external security researchers, and findings are addressed in the open. See Security for the full model.

Contributing

Issues and pull requests are welcome. Read the code, file a report, or open a discussion on GitHub.

Bug bounty

Responsible disclosure is rewarded. Found a vulnerability? Email security@aperturex.io.

Read the full source at github.com/devdasx/aperture.