Blog
 / 
Concrete ML
Engineering
Community

Building Encrypted iOS Apps Using Fully Homomorphic Encryption

May 15, 2025
  -  
Andrei Stoian

Smartphones hold a trove of sensitive data that users want to keep secure, but this data can also unlock interesting personalization features. Sometimes even on-device processing of sensitive data can be risky as apps may be insecure. With FHE, this data can be kept secret all the while being processed by third-party applications securely, using machine learning or other data analytics algorithms. 

The Zama team is releasing several open-source demo applications for iOS and a client SDK so that you can build FHE-enabled mobile applications:

  • The Zama Data Vault: securely stores sensitive information
  • Demo apps: FHE Health and FHE Ads show how to build user applications using encrypted server-side processing
  •  Concrete ML Client Extensions SDK: provides FHE functionality to client applications on several platforms. It can interface with Machine Learning applications built with Concrete ML or with other FHE applications built with TFHE-rs or Concrete.

Zama Data Vault: Secure storage for sensitive mobile data

Your smartphone generates sensitive data such as health indicators, location data and application usage statistics. This data are shared with applications which may transmit them to cloud services for analysis, exposing you to risks of data leaks or to undesirable tracking. 

For example, online advertising often relies on invasive third-party cookies to build user profiles that are then shared with ad networks. But the risk isn’t limited to the web—even apps running locally on your device can mishandle sensitive data. Once you grant access, you have little control over how your data is used. 

Some limited protections exist on smartphones: iCloud KeyChain secures passwords and credit card numbers cryptographically and requires special permissions to access the sensitive data. But these types of data are currently only protected during storage or transfer, and are not protected during processing.

The Zama Data Vault is an application that extends cryptographic security to any type of sensitive data. Furthermore, it can share the encrypted data securely with applications so that apps such as health statistics or social media work just as before, but without exposing your sensitive data. 

To ensure privacy, decrypted results are not accessible directly by any other third-party app than Zama Data Vault. Instead, the Data Vault renders sensitive data processing results using Secure Display widgets, which are visible to users but remain unreadable to the third-party apps themselves—even against screen capture.

Privacy-preserving mobile apps demo 

We release two open-source demonstration apps that show developers how to build FHE enabled mobile applications on iOS. 

FHE Health

FHE Health takes sleep cycle data recorded by the Apple Watch and computes sleep quality scores for each night—without ever revealing the raw sleep data to the app or the server.

  • The Zama Data Vault encrypts the sleep data
  • A cloud server runs the sleep quality model on the encrypted input
  • The encrypted result is returned and decrypted only within the Data Vault
  • FHE Health application display the score using a Secure Display widget

FHE Ads

FHE Ads mimics a social media feed, displaying tweet-style posts taken from a public dataset mixed with demo Ads that are tailored to the user’s profile—without actually accessing users’ personal data. 

  • Users define their encrypted profiles (age, interests, etc.) or generate an example profile in the Zama Data Vault
  • The FHE Ads app retrieves this encrypted profile and sends it to the server
  • The server selects relevant ads based on the encrypted profile without accessing the personal data in clear
  • Ads are shown based on encrypted matching, not behavioral tracking

By leveraging the Data Vault, FHE Health and FHE Ads can retrieve and compute encrypted versions of the raw personal data and can display the private personalized ads or health statistics without gaining access to them. 

With FHE, the user applications don’t need additional permissions  to read sensitive data, as they only handle such data in its encrypted form and can not access encryption keys. They demonstrate how FHE can enable private-by-design applications, where user data is never exposed—even if the app is compromised or malicious.

Note: These demo applications are currently available via TestFlight only, for demonstration purposes. They are not listed on the App Store. If you'd like to test them out, feel free to contact us to request access.

Concrete ML Client Extensions SDK

This SDK contains code that generates keys, encrypts and decrypts various formats of ciphertexts which can be inputs or outputs of FHE programs written with Concrete ML, TFHE-rs or Concrete.

For Zama Data Vault, the Concrete ML Client Extensions SDK is used to generate keys, encrypt and decrypt through Swift bindings. Although FHE computation is computationally more expensive than clear-text computation, the heavy lifting is performed server-side. Mobile phones can easily run the client-side encryption and decryption of large quantities of data. 

The server-side logic of the FHE Health and FHE Ads apps is implemented as a classical Python-based HTTP server with celery task queues. It can use GPU acceleration if available. 

Build your own FHE-powered app

In addition to python-based clients, with the new Concrete ML Client Extensions SDK, developers can now build and deploy FHE applications that can now be deployed on iPhones.
To get started, take a look at the demo application code and at the Concrete ML Client Extensions SDK.

FHE Health and FHE Ads demonstrate how to build FHE applications by interfacing with the Zama Data Vault. The Zama Data Vault is the bridge that guarantees that data stays private and provides a platform to build FHE-enabled applications that process this data to provide valuable insights for users. 

In this video, Zama team member Jordan Fery walks you through the full implementation of Zama Data Vault and the two FHE apps.

Additional links

Read more related posts

No items found.
Libraries
Concrete Concrete ML FHEVM TFHE-rs
Products & Services
Privacy-preserving Machine learningConfidential blockchainThreshold key management SYSTEM
Developers
BlogDOCUMENTATION GITHUB FHE resources Research papers Bounty Program FHE STATE OS
Company
Aboutintroduction to fheEventsMediaCareers Legal
Contact
Talk to an expertCONTACT USXDiscordTelegramALL community channels
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward. By Eric Hughes. 9 March 1993.