Cultiver

Trust & Security

Every app on Cultiver is reviewed and certified before it reaches you. Our three-layer certification model ensures quality, security, and ongoing accountability.

How Certification Works

Layer 1: Automated Scan

Every submission goes through an automated pipeline that checks for known vulnerabilities, malicious code patterns, dependency risks, and compliance with platform standards. Issues are flagged before any human reviewer sees the app.

Layer 2: Expert Review

A qualified reviewer evaluates the app across four dimensions: security posture, code quality, user experience, and fraud risk. Each dimension is scored, and the app must meet the minimum threshold to receive certification.

Layer 3: Ongoing Monitoring

Certification is not a one-time event. Listed apps are continuously monitored for new vulnerabilities, policy violations, and user-reported issues. If an app falls below standards, its badge can be suspended or revoked.

What the Badge Means

When you see the Cultiver Certified badge on an app, it means:

  • Security
    The app has passed automated vulnerability scanning and manual security review with no critical or high-severity issues.
  • Quality
    Code quality meets platform standards, the app performs reliably, and the user experience is consistent and accessible.
  • Trust
    The developer has verified their identity, and the app has been screened for deceptive pricing, misleading claims, and other fraud indicators.
  • Monitoring
    The app is subject to continuous monitoring and can have its certification revoked if it fails to maintain standards.

Revocation Policy

A certification badge can be revoked at any time if the app or developer violates platform policies. Common reasons for revocation include:

  • Discovery of a critical security vulnerability that is not patched within the required time frame
  • Introduction of malicious code, data harvesting, or undisclosed tracking in an update
  • Fraudulent behaviour such as fake reviews, misleading pricing, or bait-and-switch functionality
  • Failure to respond to a remediation request within the designated period
  • Developer identity verification is invalidated or found to be fraudulent

When a badge is revoked, the app is immediately suspended from the store, existing users are notified, and the revocation is recorded in the public revocation log.

View Revocation Log