Feature

Backroom: the vault that fools everyone

Backroom is MemeScanr's private media vault. It's protected by Face ID and a salted PIN stored in the iOS Keychain, with brute-force lockout and screen-recording blur. Its signature feature: a decoy vault that shows a fake, believable library when someone enters the wrong PIN.

Backroom in one sentence Backroom is MemeScanr's private photo and notes vault, protected by Face ID and a salted PIN in the iOS Keychain, with a decoy vault that shows a fake library when someone enters the wrong PIN.
Backroom vault shown side-by-side with the decoy vault on wrong PIN entry
Backroom PIN pad side by side with the decoy vault: the real vault and the decoy vault that opens on wrong PIN.

The decoy vault: Backroom's unique angle

Most photo vault apps show an error when someone enters the wrong PIN. That error is itself a signal — the snooper now knows a vault exists and will try again, or they'll ask you to enter it. Backroom takes a different approach: instead of showing an error, it opens a decoy vault that looks like a real, working vault. It has a PIN pad that accepted an entry, a gallery view, and some neutral content (a grocery list, a few receipts). The snooper sees what looks like a successfully-unlocked vault with nothing interesting in it.

The real vault never opens. The snooper never knows it exists. This is the angle no competitor has, and it is MemeScanr's strongest privacy proof point beyond the on-device scanning claim.

How Backroom is locked

  • Face ID — primary unlock on devices that support it. Falls back to PIN on failure.
  • Salted PIN — SHA-256 hashed with 1000 iterations, stored in the iOS Keychain. The raw PIN is never written anywhere.
  • Progressive lockout — 3 wrong attempts → 30 seconds, 5 → 5 minutes, 10 → 30 minutes. Lockout state lives in Keychain, so closing the app doesn't reset it.
  • Screen recording blur — if you start recording the screen while Backroom is open, the vault contents blur automatically.
  • Screenshot detection toast — if a screenshot fires while Backroom is unlocked, Backroom shows a warning toast so you know it happened.
Backroom screenshot detection toast warning
Screenshot detection toast: Backroom flashes a warning the moment iOS takes a screenshot while the vault is unlocked.

What you can put in Backroom

Backroom is not just a photo vault. It stores:

  • Photos and videos — moved from the Photos app and removed from the native library
  • Voice notes — recorded directly in-app
  • Text notes — with optional self-destruct timers
  • Quick-capture camera shots — shot directly into the vault, never touching Photos
  • Favorites collection — pin your most-used vault items to the top

Why the architecture matters

Backroom is fully local. There is no cloud backup, no iCloud sync, no web access. That is intentional. Any cloud-synced vault is only as secure as the weakest account in your chain — your Apple ID, your email recovery, your SMS 2FA. Keeping Backroom offline removes every one of those attack surfaces. The tradeoff is that deleting MemeScanr deletes the vault, so users who care about long-term archival should back up their vault contents externally first.

Backroom Vault FAQ

How is Backroom different from hiding photos in the iPhone Photos app?

The iOS Photos app hidden album can be revealed by anyone who opens Photos → Albums and enables "Show Hidden Album." Backroom is a separate, encrypted vault inside MemeScanr protected by Face ID and a salted PIN stored in the iOS Keychain. Photos moved to Backroom are removed from the Photos app entirely.

What is the decoy vault?

The decoy vault is a second, fake vault that opens when someone enters the wrong PIN three times. Instead of showing an error, Backroom shows a believable but empty vault with neutral content — a grocery list, some receipts. The person trying to snoop sees what looks like a successfully-opened vault with nothing interesting in it, and never knows a real vault exists.

How is the PIN stored?

The PIN is salted and hashed with SHA-256 using 1000 iterations, then stored in the iOS Keychain — the same secure enclave Apple uses for passwords and passkeys. The raw PIN is never stored anywhere.

What happens if someone tries to brute force the PIN?

Backroom enforces a progressive lockout policy: 3 wrong attempts triggers a 30-second lockout, 5 wrong attempts triggers a 5-minute lockout, and 10 wrong attempts triggers a 30-minute lockout. The lockout state is stored in the Keychain so closing and reopening the app does not reset it.

Does Backroom protect against screen recording and screenshots?

Yes. Backroom uses iOS screen capture detection to blur its contents if a screen recording starts while you have the vault open. It also shows a toast warning if a screenshot is taken while Backroom is unlocked.

What can I put in Backroom?

Photos, videos, notes, voice memos, and documents. Backroom also supports a quick-capture camera so you can shoot directly into the vault without the file ever touching the Photos app. Notes support self-destructing expiry timers.

Is Backroom free?

The free tier includes 5 Backroom items. Unlimited vault storage requires MemeScanr Premium.

What happens to Backroom if I delete MemeScanr?

Deleting the app deletes the vault and everything in it. Backroom is local-only — there is no cloud backup, because there is no server. Back up important vault items before uninstalling.