How AppAudit works.
The audit runs in your browser. No backend, no queue, no upload of your app data.
- 1
Install the extension from the Chrome Web Store
AppAudit installs as a standard Chrome extension. No account, no sign-in required to start.
Works on every Chromium browser
Install once from the Chrome Web Store — runs on Chrome, Edge, Brave, and Arc.
Chrome
Edge
Brave
Arc
Firefox and Safari support coming later.
- 2
Open your Bubble.io editor
Navigate to the app you want to audit. AppAudit detects the Bubble editor automatically and injects a floating Audit button.
- 3
Click “Audit my app”
Launch from either the floating button injected into the editor or the AppAudit popup in your Chrome toolbar.
- 4
Sanitize and analyze, locally
AppAudit walks your app structure in-page, redacts known secret patterns in your browser, and runs a deterministic TypeScript rules engine in a Web Worker. Nothing is uploaded.
- 5
See your findings list
Each finding names the element, the page it lives on, a relative severity, and an actionable fix. Free preview shows the top 5 findings and a summary.
- 6
Subscribe and re-audit anytime
Pick a tier inside the extension to unlock the full findings list and fixes. Re-audits stay free while your subscription is active.
Install for ChromeYour app data never leaves your browser.
AppAudit captures your Bubble app's in-memory structure, redacts known secret patterns (Stripe keys, JWTs, bearer tokens, AWS keys, GitHub PATs, Slack tokens, generic high-entropy strings) right in your browser, and runs the checks in a Web Worker. There is no backend to upload to, no AI provider in the loop, and no telemetry. The audit you see is computed on your machine.