diff --git a/.gitmodules b/.gitmodules
index 44f18cf87..5f32f0dc6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,6 +4,9 @@
 [submodule "lib/Tmds.Fuse"]
 	path = lib/Tmds.Fuse
 	url = https://github.com/securefolderfs-community/Tmds.Fuse
-[submodule "src/Platforms/SecureFolderFS.Dashboard"]
-	path = src/Platforms/SecureFolderFS.Dashboard
-	url = git@github.com:securefolderfs-community/SecureFolderFS.Dashboard.git
+[submodule "src/Platforms/SecureFolderFS.AppPlatform"]
+	path = src/Platforms/SecureFolderFS.AppPlatform
+	url = git@github.com:securefolderfs-community/SecureFolderFS.AppPlatform.git
+[submodule "src/Platforms/SecureFolderFS.AppPlatform.Server"]
+	path = src/Platforms/SecureFolderFS.AppPlatform.Server
+	url = git@github.com:securefolderfs-community/SecureFolderFS.AppPlatform.Server.git
diff --git a/SecureFolderFS.sln b/SecureFolderFS.sln
index 5014e4c24..5a37ab4fa 100644
--- a/SecureFolderFS.sln
+++ b/SecureFolderFS.sln
@@ -64,7 +64,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{724C2A9B
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.Tests", "tests\SecureFolderFS.Tests\SecureFolderFS.Tests.csproj", "{67ED86B1-D287-4F36-A8BE-189F68502B4C}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.Dashboard", "src\Platforms\SecureFolderFS.Dashboard\SecureFolderFS.Dashboard.csproj", "{9CF66911-1E7E-4A82-B7B4-97B2DE8BA9B0}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.AppPlatform", "src\Platforms\SecureFolderFS.AppPlatform\SecureFolderFS.AppPlatform.csproj", "{9CF66911-1E7E-4A82-B7B4-97B2DE8BA9B0}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.Sdk.Ftp", "src\Sdk\SecureFolderFS.Sdk.Ftp\SecureFolderFS.Sdk.Ftp.csproj", "{17592A5B-EFB4-478C-87A1-C4A10BDECA50}"
 EndProject
@@ -82,6 +82,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.Sdk.Dropbox"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.Sdk.WebDavClient", "src\Sdk\SecureFolderFS.Sdk.WebDavClient\SecureFolderFS.Sdk.WebDavClient.csproj", "{E9D21865-C31B-49AD-B9CE-A8A9491789D5}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureFolderFS.AppPlatform.Server", "src\Platforms\SecureFolderFS.AppPlatform.Server\SecureFolderFS.AppPlatform.Server.csproj", "{4440EBF8-9707-41DD-A723-F52987F83E1F}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -558,6 +560,22 @@ Global
 		{E9D21865-C31B-49AD-B9CE-A8A9491789D5}.Release|x64.Build.0 = Release|Any CPU
 		{E9D21865-C31B-49AD-B9CE-A8A9491789D5}.Release|x86.ActiveCfg = Release|Any CPU
 		{E9D21865-C31B-49AD-B9CE-A8A9491789D5}.Release|x86.Build.0 = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|arm64.ActiveCfg = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|arm64.Build.0 = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|x64.Build.0 = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Debug|x86.Build.0 = Debug|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|arm64.ActiveCfg = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|arm64.Build.0 = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|x64.ActiveCfg = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|x64.Build.0 = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|x86.ActiveCfg = Release|Any CPU
+		{4440EBF8-9707-41DD-A723-F52987F83E1F}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -596,6 +614,7 @@ Global
 		{85FE77EA-9F89-4F42-BD79-26C82F847DDC} = {086CDAC6-2730-4F09-BA28-B41F737E6C4D}
 		{FD52B782-4E07-41B2-8EA9-DE2347DEB9E2} = {086CDAC6-2730-4F09-BA28-B41F737E6C4D}
 		{E9D21865-C31B-49AD-B9CE-A8A9491789D5} = {086CDAC6-2730-4F09-BA28-B41F737E6C4D}
+		{4440EBF8-9707-41DD-A723-F52987F83E1F} = {66BC1E2B-D99A-49E2-8B8F-EF7851493CB0}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {A1906FD8-BB54-4688-BC0F-9ED7532D2CB0}
diff --git a/src/Core/SecureFolderFS.Core.FileSystem/Helpers/RecycleBin/Abstract/AbstractRecycleBinHelpers.Operational.cs b/src/Core/SecureFolderFS.Core.FileSystem/Helpers/RecycleBin/Abstract/AbstractRecycleBinHelpers.Operational.cs
index 13cd037e4..646878fde 100644
--- a/src/Core/SecureFolderFS.Core.FileSystem/Helpers/RecycleBin/Abstract/AbstractRecycleBinHelpers.Operational.cs
+++ b/src/Core/SecureFolderFS.Core.FileSystem/Helpers/RecycleBin/Abstract/AbstractRecycleBinHelpers.Operational.cs
@@ -80,6 +80,9 @@ public static async Task RestoreAsync(IStorableChild recycleBinItem, IModifiable
                 // A new item name should be chosen fit for the new folder (so that Directory ID match)
                 var ciphertextName = await AbstractPathHelpers.EncryptNameAsync(plaintextOriginalName, ciphertextDestinationFolder, specifics, cancellationToken);
 
+                // Get an available name if the destination already exists
+                ciphertextName = await GetAvailableDestinationNameAsync(ciphertextDestinationFolder, ciphertextName, plaintextOriginalName, specifics, cancellationToken);
+
                 // Rename and move item to destination
                 _ = await ciphertextDestinationFolder.MoveStorableFromAsync(recycleBinItem, modifiableRecycleBin, false, ciphertextName, null, cancellationToken);
             }
@@ -89,6 +92,9 @@ public static async Task RestoreAsync(IStorableChild recycleBinItem, IModifiable
                 // The same name could be used since the Directory IDs match
                 var ciphertextName = Path.ChangeExtension(await AbstractPathHelpers.EncryptNameAsync(plaintextOriginalName, ciphertextDestinationFolder, specifics, cancellationToken), Constants.Names.ENCRYPTED_FILE_EXTENSION);
 
+                // Get an available name if the destination already exists
+                ciphertextName = await GetAvailableDestinationNameAsync(ciphertextDestinationFolder, ciphertextName, plaintextOriginalName, specifics, cancellationToken);
+
                 // Rename and move item to destination
                 _ = await ciphertextDestinationFolder.MoveStorableFromAsync(recycleBinItem, modifiableRecycleBin, false, ciphertextName, null, cancellationToken);
             }
@@ -216,6 +222,28 @@ public static async Task DeleteOrRecycleAsync(
             }
         }
 
+        private static async Task<string> GetAvailableDestinationNameAsync(IFolder ciphertextDestinationFolder, string ciphertextName, string plaintextOriginalName, FileSystemSpecifics specifics, CancellationToken cancellationToken)
+        {
+            // Check if the item already exists
+            var existing = await ciphertextDestinationFolder.TryGetFirstByNameAsync(ciphertextName, cancellationToken);
+            if (existing is not null)
+            {
+                // If the item already exists, append a suffix to the name
+                var nameWithoutExtension = Path.GetFileNameWithoutExtension(plaintextOriginalName);
+                var extension = Path.GetExtension(plaintextOriginalName);
+                var suffix = 1;
+                do
+                {
+                    var newPlaintextName = $"{nameWithoutExtension} ({suffix}){extension}";
+                    ciphertextName = Path.ChangeExtension(await AbstractPathHelpers.EncryptNameAsync(newPlaintextName, ciphertextDestinationFolder, specifics, cancellationToken), Constants.Names.ENCRYPTED_FILE_EXTENSION);
+                    existing = await ciphertextDestinationFolder.TryGetFirstByNameAsync(ciphertextName, cancellationToken);
+                    suffix++;
+                } while (existing is not null);
+            }
+
+            return ciphertextName;
+        }
+
         private static async Task<bool> IsRecentlyCreatedAsync(IStorable storable, CancellationToken cancellationToken)
         {
             try
diff --git a/src/Core/SecureFolderFS.Core.FileSystem/Validators/StructureContentsValidator.cs b/src/Core/SecureFolderFS.Core.FileSystem/Validators/StructureContentsValidator.cs
index 63fa5c6eb..d619238eb 100644
--- a/src/Core/SecureFolderFS.Core.FileSystem/Validators/StructureContentsValidator.cs
+++ b/src/Core/SecureFolderFS.Core.FileSystem/Validators/StructureContentsValidator.cs
@@ -38,6 +38,7 @@ public override async Task<IResult> ValidateResultAsync((IFolder, IProgress<IRes
 
             await foreach (var item in scannedFolder.GetItemsAsync(StorableType.All, cancellationToken).ConfigureAwait(false))
             {
+                cancellationToken.ThrowIfCancellationRequested();
                 if (PathHelpers.IsCoreName(item.Name))
                     continue;
 
diff --git a/src/Core/SecureFolderFS.Core/Constants.cs b/src/Core/SecureFolderFS.Core/Constants.cs
index e48d1dc16..1dfe5bdee 100644
--- a/src/Core/SecureFolderFS.Core/Constants.cs
+++ b/src/Core/SecureFolderFS.Core/Constants.cs
@@ -25,6 +25,7 @@ public static class Authentication
                 public const string AUTH_APPLE_BIOMETRIC = "apple_secure_enclave";
                 public const string AUTH_ANDROID_BIOMETRIC = "android_biometrics";
                 public const string AUTH_DEVICE_LINK = "device_link";
+                public const string AUTH_APP_PLATFORM = "app_platform";
             }
 
             [Obsolete]
@@ -46,6 +47,7 @@ public static class Associations
                 public const string ASSOC_SPECIALIZATION = "spec";
                 public const string ASSOC_AUTHENTICATION = "authMode";
                 public const string ASSOC_VAULT_ID = "vaultId";
+                public const string ASSOC_APP_PLATFORM = "appPlatform";
                 public const string ASSOC_VERSION = "version";
             }
 
diff --git a/src/Core/SecureFolderFS.Core/DataModels/V4VaultConfigurationDataModel.cs b/src/Core/SecureFolderFS.Core/DataModels/V4VaultConfigurationDataModel.cs
new file mode 100644
index 000000000..65fca374a
--- /dev/null
+++ b/src/Core/SecureFolderFS.Core/DataModels/V4VaultConfigurationDataModel.cs
@@ -0,0 +1,75 @@
+using SecureFolderFS.Shared.Models;
+using System;
+using System.ComponentModel;
+using System.Security.Cryptography;
+using System.Text.Json.Serialization;
+using static SecureFolderFS.Core.Constants.Vault;
+
+namespace SecureFolderFS.Core.DataModels
+{
+    [Serializable]
+    public sealed record class V4VaultConfigurationDataModel : VersionDataModel
+    {
+        [JsonPropertyName(Associations.ASSOC_CONTENT_CIPHER_ID)]
+        [DefaultValue("")]
+        public required string ContentCipherId { get; init; }
+
+        [JsonPropertyName(Associations.ASSOC_FILENAME_CIPHER_ID)]
+        [DefaultValue("")]
+        public required string FileNameCipherId { get; init; }
+
+        [JsonPropertyName(Associations.ASSOC_FILENAME_ENCODING_ID)]
+        [DefaultValue("")]
+        public string FileNameEncodingId { get; set; } = Cryptography.Constants.CipherId.ENCODING_BASE64URL;
+
+        [JsonPropertyName(Associations.ASSOC_RECYCLE_SIZE)]
+        [DefaultValue(0L)]
+        public long RecycleBinSize { get; set; } = 0L;
+
+        [JsonPropertyName(Associations.ASSOC_AUTHENTICATION)]
+        [DefaultValue("")]
+        public required string AuthenticationMethod { get; set; } = string.Empty;
+
+        [JsonPropertyName(Associations.ASSOC_VAULT_ID)]
+        [DefaultValue("")]
+        public required string Uid { get; init; } = string.Empty;
+
+        [JsonPropertyName(Associations.ASSOC_APP_PLATFORM)]
+        public AppPlatformVaultOptions? AppPlatform { get; init; }
+
+        [JsonPropertyName("hmacsha256mac")]
+        public byte[]? PayloadMac { get; set; }
+
+        public static V4VaultConfigurationDataModel V4FromVaultOptions(VaultOptions vaultOptions)
+        {
+            return new()
+            {
+                Version = vaultOptions.Version < 1 ? Versions.LATEST_VERSION : vaultOptions.Version,
+                ContentCipherId = vaultOptions.ContentCipherId ?? Cryptography.Constants.CipherId.XCHACHA20_POLY1305,
+                FileNameCipherId = vaultOptions.FileNameCipherId ?? Cryptography.Constants.CipherId.AES_SIV,
+                FileNameEncodingId = vaultOptions.NameEncodingId ?? Cryptography.Constants.CipherId.ENCODING_BASE64URL,
+                AuthenticationMethod = vaultOptions.UnlockProcedure.ToString(),
+                RecycleBinSize = vaultOptions.RecycleBinSize,
+                Uid = vaultOptions.VaultId ?? Guid.NewGuid().ToString(),
+                AppPlatform = vaultOptions.AppPlatform,
+                PayloadMac = new byte[HMACSHA256.HashSizeInBytes]
+            };
+        }
+
+        public VaultConfigurationDataModel ToVaultConfigurationDataModel()
+        {
+            return new VaultConfigurationDataModel
+            {
+                Version = Version,
+                ContentCipherId = ContentCipherId,
+                FileNameCipherId = FileNameCipherId,
+                FileNameEncodingId = FileNameEncodingId,
+                AuthenticationMethod = AuthenticationMethod,
+                RecycleBinSize = RecycleBinSize,
+                Uid = Uid,
+                PayloadMac = PayloadMac
+            };
+        }
+    }
+}
+
diff --git a/src/Core/SecureFolderFS.Core/DataModels/VaultConfigurationDataModel.cs b/src/Core/SecureFolderFS.Core/DataModels/VaultConfigurationDataModel.cs
index 5b658f259..01e951d7c 100644
--- a/src/Core/SecureFolderFS.Core/DataModels/VaultConfigurationDataModel.cs
+++ b/src/Core/SecureFolderFS.Core/DataModels/VaultConfigurationDataModel.cs
@@ -1,8 +1,8 @@
-using SecureFolderFS.Shared.Models;
-using System;
+using System;
 using System.ComponentModel;
 using System.Security.Cryptography;
 using System.Text.Json.Serialization;
+using SecureFolderFS.Shared.Models;
 using static SecureFolderFS.Core.Constants.Vault;
 
 namespace SecureFolderFS.Core.DataModels
diff --git a/src/Core/SecureFolderFS.Core/Routines/Operational/CreationRoutine.cs b/src/Core/SecureFolderFS.Core/Routines/Operational/CreationRoutine.cs
index 74af213c9..8a739ea05 100644
--- a/src/Core/SecureFolderFS.Core/Routines/Operational/CreationRoutine.cs
+++ b/src/Core/SecureFolderFS.Core/Routines/Operational/CreationRoutine.cs
@@ -22,6 +22,7 @@ internal sealed class CreationRoutine : ICreationRoutine
         private V3VaultKeystoreDataModel? _keystoreDataModel;
         private V4VaultKeystoreDataModel? _v4KeystoreDataModel;
         private VaultConfigurationDataModel? _configDataModel;
+        private V4VaultConfigurationDataModel? _v4ConfigDataModel;
         private IKeyUsage? _dekKey;
         private IKeyUsage? _macKey;
 
@@ -81,7 +82,16 @@ public void V4SetCredentials(IKeyUsage passkey)
         /// <inheritdoc/>
         public void SetOptions(VaultOptions vaultOptions)
         {
-            _configDataModel = VaultConfigurationDataModel.FromVaultOptions(vaultOptions);
+            if (vaultOptions.AppPlatform is null)
+            {
+                _configDataModel = VaultConfigurationDataModel.FromVaultOptions(vaultOptions);
+                _v4ConfigDataModel = null;
+            }
+            else
+            {
+                _v4ConfigDataModel = V4VaultConfigurationDataModel.V4FromVaultOptions(vaultOptions);
+                _configDataModel = _v4ConfigDataModel.ToVaultConfigurationDataModel();
+            }
         }
 
         /// <inheritdoc/>
@@ -95,13 +105,19 @@ public async Task<IDisposable> FinalizeAsync(CancellationToken cancellationToken
             // First, we need to fill in the PayloadMac of the content
             _macKey.UseKey(macKey =>
             {
-                VaultParser.CalculateConfigMac(_configDataModel, macKey, _configDataModel.PayloadMac);
+                if (_v4ConfigDataModel is not null)
+                    VaultParser.V4CalculateConfigMac(_v4ConfigDataModel, macKey, _v4ConfigDataModel.PayloadMac);
+                else
+                    VaultParser.CalculateConfigMac(_configDataModel, macKey, _configDataModel.PayloadMac);
             });
 
             // Write the whole configuration
             await _vaultWriter.WriteKeystoreAsync(_keystoreDataModel, cancellationToken);
             //await _vaultWriter.WriteV4KeystoreAsync(_v4KeystoreDataModel, cancellationToken);
-            await _vaultWriter.WriteConfigurationAsync(_configDataModel, cancellationToken);
+            if (_v4ConfigDataModel is not null)
+                await _vaultWriter.WriteV4ConfigurationAsync(_v4ConfigDataModel, cancellationToken);
+            else
+                await _vaultWriter.WriteConfigurationAsync(_configDataModel, cancellationToken);
 
             // Create the content folder
             if (_vaultFolder is IModifiableFolder modifiableFolder)
diff --git a/src/Core/SecureFolderFS.Core/Routines/Operational/ModifyCredentialsRoutine.cs b/src/Core/SecureFolderFS.Core/Routines/Operational/ModifyCredentialsRoutine.cs
index 7345717b2..eb03e2336 100644
--- a/src/Core/SecureFolderFS.Core/Routines/Operational/ModifyCredentialsRoutine.cs
+++ b/src/Core/SecureFolderFS.Core/Routines/Operational/ModifyCredentialsRoutine.cs
@@ -23,6 +23,7 @@ internal sealed class ModifyCredentialsRoutine : IModifyCredentialsRoutine
         private V3VaultKeystoreDataModel? _keystoreDataModel;
         private V4VaultKeystoreDataModel? _v4KeystoreDataModel;
         private VaultConfigurationDataModel? _configDataModel;
+        private V4VaultConfigurationDataModel? _v4ConfigDataModel;
 
         public ModifyCredentialsRoutine(VaultReader vaultReader, VaultWriter vaultWriter)
         {
@@ -49,7 +50,16 @@ public void SetUnlockContract(IDisposable unlockContract)
         /// <inheritdoc/>
         public void SetOptions(VaultOptions vaultOptions)
         {
-            _configDataModel = VaultConfigurationDataModel.FromVaultOptions(vaultOptions);
+            if (vaultOptions.AppPlatform is null)
+            {
+                _configDataModel = VaultConfigurationDataModel.FromVaultOptions(vaultOptions);
+                _v4ConfigDataModel = null;
+            }
+            else
+            {
+                _v4ConfigDataModel = V4VaultConfigurationDataModel.V4FromVaultOptions(vaultOptions);
+                _configDataModel = _v4ConfigDataModel.ToVaultConfigurationDataModel();
+            }
         }
 
         /// <inheritdoc/>
@@ -137,13 +147,19 @@ public async Task<IDisposable> FinalizeAsync(CancellationToken cancellationToken
             // First, we need to fill in the PayloadMac of the content
             _keyPair.MacKey.UseKey(macKey =>
             {
-                VaultParser.CalculateConfigMac(_configDataModel, macKey, _configDataModel.PayloadMac);
+                if (_v4ConfigDataModel is not null)
+                    VaultParser.V4CalculateConfigMac(_v4ConfigDataModel, macKey, _v4ConfigDataModel.PayloadMac);
+                else
+                    VaultParser.CalculateConfigMac(_configDataModel, macKey, _configDataModel.PayloadMac);
             });
 
             // Write the whole configuration
             await _vaultWriter.WriteKeystoreAsync(_keystoreDataModel, cancellationToken);
             //await _vaultWriter.WriteKeystoreAsync(_v4KeystoreDataModel, cancellationToken);
-            await _vaultWriter.WriteConfigurationAsync(_configDataModel, cancellationToken);
+            if (_v4ConfigDataModel is not null)
+                await _vaultWriter.WriteV4ConfigurationAsync(_v4ConfigDataModel, cancellationToken);
+            else
+                await _vaultWriter.WriteConfigurationAsync(_configDataModel, cancellationToken);
 
             // Key copies need to be created because the original ones are disposed of here
             using (_keyPair)
diff --git a/src/Core/SecureFolderFS.Core/Routines/Operational/RecoverRoutine.cs b/src/Core/SecureFolderFS.Core/Routines/Operational/RecoverRoutine.cs
index a12e7f748..54a555b4f 100644
--- a/src/Core/SecureFolderFS.Core/Routines/Operational/RecoverRoutine.cs
+++ b/src/Core/SecureFolderFS.Core/Routines/Operational/RecoverRoutine.cs
@@ -15,6 +15,7 @@ public sealed class RecoverRoutine : ICredentialsRoutine, IFinalizationRoutine
     {
         private readonly VaultReader _vaultReader;
         private VaultConfigurationDataModel? _configDataModel;
+        private V4VaultConfigurationDataModel? _v4ConfigDataModel;
         private KeyPair? _keyPair;
 
         public RecoverRoutine(VaultReader vaultReader)
@@ -26,6 +27,18 @@ public RecoverRoutine(VaultReader vaultReader)
         public async Task InitAsync(CancellationToken cancellationToken)
         {
             _configDataModel = await _vaultReader.ReadConfigurationAsync(cancellationToken);
+
+            if (_configDataModel.AuthenticationMethod.Contains(Constants.Vault.Authentication.AUTH_APP_PLATFORM, StringComparison.Ordinal))
+            {
+                try
+                {
+                    _v4ConfigDataModel = await _vaultReader.ReadV4ConfigurationAsync(cancellationToken);
+                }
+                catch (Exception)
+                {
+                    _v4ConfigDataModel = null;
+                }
+            }
         }
 
         /// <inheritdoc/>
@@ -44,7 +57,10 @@ public async Task<IDisposable> FinalizeAsync(CancellationToken cancellationToken
             {
                 // Check if the payload has not been tampered with
                 var validator = new ConfigurationValidator(_keyPair.MacKey);
-                await validator.ValidateAsync(_configDataModel, cancellationToken);
+                if (_v4ConfigDataModel is not null)
+                    await validator.V4ValidateAsync(_v4ConfigDataModel, cancellationToken);
+                else
+                    await validator.ValidateAsync(_configDataModel, cancellationToken);
 
                 // In this case, we rely on the consumer to take ownership of the keys, and thus manage their lifetimes
                 // Key copies need to be created because the original ones are disposed of here
diff --git a/src/Core/SecureFolderFS.Core/Routines/Operational/UnlockRoutine.cs b/src/Core/SecureFolderFS.Core/Routines/Operational/UnlockRoutine.cs
index 6a3b8c195..0c096a8c6 100644
--- a/src/Core/SecureFolderFS.Core/Routines/Operational/UnlockRoutine.cs
+++ b/src/Core/SecureFolderFS.Core/Routines/Operational/UnlockRoutine.cs
@@ -17,6 +17,7 @@ internal sealed class UnlockRoutine : ICredentialsRoutine
         private V3VaultKeystoreDataModel? _keystoreDataModel;
         private V4VaultKeystoreDataModel? _v4KeystoreDataModel;
         private VaultConfigurationDataModel? _configDataModel;
+        private V4VaultConfigurationDataModel? _v4ConfigDataModel;
         private SecureKey? _dekKey;
         private SecureKey? _macKey;
 
@@ -30,6 +31,18 @@ public async Task InitAsync(CancellationToken cancellationToken)
         {
             _configDataModel = await _vaultReader.ReadConfigurationAsync(cancellationToken);
 
+            if (_configDataModel.AuthenticationMethod.Contains(Constants.Vault.Authentication.AUTH_APP_PLATFORM, StringComparison.Ordinal))
+            {
+                try
+                {
+                    _v4ConfigDataModel = await _vaultReader.ReadV4ConfigurationAsync(cancellationToken);
+                }
+                catch (Exception)
+                {
+                    _v4ConfigDataModel = null;
+                }
+            }
+
             if (_configDataModel.Version >= Constants.Vault.Versions.V4)
                 _v4KeystoreDataModel = await _vaultReader.ReadKeystoreAsync<V4VaultKeystoreDataModel>(cancellationToken);
             else
@@ -71,7 +84,10 @@ public async Task<IDisposable> FinalizeAsync(CancellationToken cancellationToken
             {
                 // Check if the payload has not been tampered with
                 var validator = new ConfigurationValidator(_macKey);
-                await validator.ValidateAsync(_configDataModel, cancellationToken);
+                if (_v4ConfigDataModel is not null)
+                    await validator.V4ValidateAsync(_v4ConfigDataModel, cancellationToken);
+                else
+                    await validator.ValidateAsync(_configDataModel, cancellationToken);
 
                 // In this case, we rely on the consumer to take ownership of the keys, and thus manage their lifetimes
                 // Key copies need to be created because the original ones are disposed of here
diff --git a/src/Core/SecureFolderFS.Core/Validators/ConfigurationValidator.cs b/src/Core/SecureFolderFS.Core/Validators/ConfigurationValidator.cs
index 3019a25b9..bd2c71a91 100644
--- a/src/Core/SecureFolderFS.Core/Validators/ConfigurationValidator.cs
+++ b/src/Core/SecureFolderFS.Core/Validators/ConfigurationValidator.cs
@@ -25,6 +25,12 @@ public async Task ValidateAsync(VaultConfigurationDataModel value, CancellationT
             await Task.CompletedTask;
         }
 
+        public async Task V4ValidateAsync(V4VaultConfigurationDataModel value, CancellationToken cancellationToken = default)
+        {
+            V4Validate(value);
+            await Task.CompletedTask;
+        }
+
         [SkipLocalsInit]
         private void Validate(VaultConfigurationDataModel value)
         {
@@ -41,5 +47,19 @@ private void Validate(VaultConfigurationDataModel value)
             if (!isEqual)
                 throw new CryptographicException("Vault hash doesn't match the computed hash.");
         }
+
+        [SkipLocalsInit]
+        private void V4Validate(V4VaultConfigurationDataModel value)
+        {
+            var isEqual = _macKey.UseKey(macKey =>
+            {
+                Span<byte> payloadMac = stackalloc byte[HMACSHA256.HashSizeInBytes];
+                VaultParser.V4CalculateConfigMac(value, macKey, payloadMac);
+                return CryptographicOperations.FixedTimeEquals(payloadMac, value.PayloadMac);
+            });
+
+            if (!isEqual)
+                throw new CryptographicException("Vault hash doesn't match the computed hash.");
+        }
     }
 }
diff --git a/src/Core/SecureFolderFS.Core/VaultAccess/VaultParser.cs b/src/Core/SecureFolderFS.Core/VaultAccess/VaultParser.cs
index 7b7b1afe0..5dee36a09 100644
--- a/src/Core/SecureFolderFS.Core/VaultAccess/VaultParser.cs
+++ b/src/Core/SecureFolderFS.Core/VaultAccess/VaultParser.cs
@@ -36,6 +36,26 @@ public static void CalculateConfigMac(VaultConfigurationDataModel configDataMode
             hmacSha256.GetCurrentHash(mac);
         }
 
+        public static void V4CalculateConfigMac(V4VaultConfigurationDataModel configDataModel, ReadOnlySpan<byte> macKey, Span<byte> mac)
+        {
+            using var hmacSha256 = new HMACSHA256(macKey.ToArray());
+
+            hmacSha256.AppendData(BitConverter.GetBytes(configDataModel.Version));
+            hmacSha256.AppendData(BitConverter.GetBytes(CryptHelpers.ContentCipherId(configDataModel.ContentCipherId)));
+            hmacSha256.AppendData(BitConverter.GetBytes(CryptHelpers.FileNameCipherId(configDataModel.FileNameCipherId)));
+            hmacSha256.AppendData(BitConverter.GetBytes(configDataModel.RecycleBinSize));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.FileNameEncodingId));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.Uid));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.AppPlatform?.ServerUrl ?? string.Empty));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.AppPlatform?.VaultResource ?? string.Empty));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.AppPlatform?.Organization ?? string.Empty));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.AppPlatform?.AccessTokenEndpoint ?? string.Empty));
+            hmacSha256.AppendData(Encoding.UTF8.GetBytes(configDataModel.AppPlatform?.DeviceRegistrationEndpoint ?? string.Empty));
+            hmacSha256.AppendFinalData(Encoding.UTF8.GetBytes(configDataModel.AuthenticationMethod));
+
+            hmacSha256.GetCurrentHash(mac);
+        }
+
         /// <summary>
         /// Derives DEK and MAC keys from provided credentials.
         /// </summary>
diff --git a/src/Core/SecureFolderFS.Core/VaultAccess/VaultReader.cs b/src/Core/SecureFolderFS.Core/VaultAccess/VaultReader.cs
index ffa8a326a..304ed0faa 100644
--- a/src/Core/SecureFolderFS.Core/VaultAccess/VaultReader.cs
+++ b/src/Core/SecureFolderFS.Core/VaultAccess/VaultReader.cs
@@ -45,6 +45,14 @@ public async Task<VaultConfigurationDataModel> ReadConfigurationAsync(Cancellati
             return await ReadDataAsync<VaultConfigurationDataModel>(configFile, _serializer, cancellationToken);
         }
 
+        public async Task<V4VaultConfigurationDataModel> ReadV4ConfigurationAsync(CancellationToken cancellationToken)
+        {
+            if (await _vaultFolder.GetFirstByNameAsync(Constants.Vault.Names.VAULT_CONFIGURATION_FILENAME, cancellationToken) is not IFile configFile)
+                throw new FileNotFoundException("The configuration file was not found.");
+
+            return await ReadDataAsync<V4VaultConfigurationDataModel>(configFile, _serializer, cancellationToken);
+        }
+
         public async Task<VersionDataModel> ReadVersionAsync(CancellationToken cancellationToken)
         {
             // Get configuration file
diff --git a/src/Core/SecureFolderFS.Core/VaultAccess/VaultWriter.cs b/src/Core/SecureFolderFS.Core/VaultAccess/VaultWriter.cs
index 92943e572..d30715db7 100644
--- a/src/Core/SecureFolderFS.Core/VaultAccess/VaultWriter.cs
+++ b/src/Core/SecureFolderFS.Core/VaultAccess/VaultWriter.cs
@@ -46,6 +46,17 @@ public async Task WriteConfigurationAsync(VaultConfigurationDataModel? configDat
             await WriteDataAsync(configFile, configDataModel, cancellationToken);
         }
 
+        public async Task WriteV4ConfigurationAsync(V4VaultConfigurationDataModel? configDataModel, CancellationToken cancellationToken)
+        {
+            var configFile = configDataModel is null ? null : _vaultFolder switch
+            {
+                IModifiableFolder modifiableFolder => await modifiableFolder.CreateFileAsync(Constants.Vault.Names.VAULT_CONFIGURATION_FILENAME, true, cancellationToken),
+                _ => await _vaultFolder.GetFirstByNameAsync(Constants.Vault.Names.VAULT_CONFIGURATION_FILENAME, cancellationToken) as IFile
+            };
+
+            await WriteDataAsync(configFile, configDataModel, cancellationToken);
+        }
+
         public async Task WriteAuthenticationAsync<TCapability>(string fileName, TCapability? authDataModel, CancellationToken cancellationToken)
             where TCapability : VaultCapabilityDataModel
         {
diff --git a/src/Platforms/Directory.Packages.props b/src/Platforms/Directory.Packages.props
index f519dc960..cdf9fc188 100644
--- a/src/Platforms/Directory.Packages.props
+++ b/src/Platforms/Directory.Packages.props
@@ -17,6 +17,7 @@
     <PackageVersion Include="Microsoft.Maui.Core" Version="10.0.31" />
     <PackageVersion Include="Microsoft.Maui.Essentials" Version="10.0.31" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="10.0.3" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.4" />
     <PackageVersion Include="Microsoft.Windows.Compatibility" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Windows.SDK.BuildTools" Version="10.0.22621.756" />
     <PackageVersion Include="Octokit" Version="14.0.0" />
@@ -47,4 +48,4 @@
     <PackageVersion Include="Xamarin.AndroidX.DocumentFile" Version="1.1.0.1" />
     <PackageVersion Include="Yubico.YubiKey" Version="1.15.1" />
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Platforms/SecureFolderFS.AppPlatform b/src/Platforms/SecureFolderFS.AppPlatform
new file mode 160000
index 000000000..fb9e3e9a7
--- /dev/null
+++ b/src/Platforms/SecureFolderFS.AppPlatform
@@ -0,0 +1 @@
+Subproject commit fb9e3e9a78c3df29b60c8335986f0ae47ad7a80b
diff --git a/src/Platforms/SecureFolderFS.AppPlatform.Server b/src/Platforms/SecureFolderFS.AppPlatform.Server
new file mode 160000
index 000000000..559a82d60
--- /dev/null
+++ b/src/Platforms/SecureFolderFS.AppPlatform.Server
@@ -0,0 +1 @@
+Subproject commit 559a82d60669326b738ed0436a41549c357e8ecd
diff --git a/src/Platforms/SecureFolderFS.Dashboard b/src/Platforms/SecureFolderFS.Dashboard
deleted file mode 160000
index ad1dd04b3..000000000
--- a/src/Platforms/SecureFolderFS.Dashboard
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ad1dd04b314f92045292b63bda907787a7c44b28
diff --git a/src/Platforms/SecureFolderFS.Maui/Platforms/Android/ServiceImplementation/AndroidFileExplorerService.cs b/src/Platforms/SecureFolderFS.Maui/Platforms/Android/ServiceImplementation/AndroidFileExplorerService.cs
index 2da5fd153..87e778b27 100644
--- a/src/Platforms/SecureFolderFS.Maui/Platforms/Android/ServiceImplementation/AndroidFileExplorerService.cs
+++ b/src/Platforms/SecureFolderFS.Maui/Platforms/Android/ServiceImplementation/AndroidFileExplorerService.cs
@@ -20,6 +20,25 @@ namespace SecureFolderFS.Maui.Platforms.Android.ServiceImplementation
     /// <inheritdoc cref="IFileExplorerService"/>
     internal sealed class AndroidFileExplorerService : IFileExplorerService
     {
+        /// <inheritdoc/>
+        public async Task<IEnumerable<IStorable>> PickGalleryItemsAsync(CancellationToken cancellationToken = default)
+        {
+            var intent = new Intent(Intent.ActionOpenDocument)
+                .AddCategory(Intent.CategoryOpenable)
+                .PutExtra(Intent.ExtraAllowMultiple, true)
+                .SetType("*/*")
+                .PutExtra(Intent.ExtraMimeTypes, new[] { "image/*", "video/*" });
+
+            var pickerIntent = Intent.CreateChooser(intent, "Select photos or videos");
+
+            // GalleryPicker 0x2AFA
+            var uris = await StartActivityForUrisAsync(pickerIntent, 0x2AFA);
+            if (uris.Count == 0 || MainActivity.Instance is null)
+                return [];
+
+            return uris.Select(x => (IStorable)new AndroidFile(x, MainActivity.Instance)).ToArray();
+        }
+
         /// <inheritdoc/>
         public async Task<IFile?> PickFileAsync(PickerOptions? options, bool offerPersistence = true, CancellationToken cancellationToken = default)
         {
@@ -124,24 +143,43 @@ public async Task<bool> SaveFileAsync(string suggestedName, Stream dataStream, I
 
         private async Task<AndroidUri?> StartActivityAsync(Intent? pickerIntent, int requestCode)
         {
-            AndroidUri? resultUri = null;
+            var uris = await StartActivityForUrisAsync(pickerIntent, requestCode);
+            return uris.FirstOrDefault();
+        }
+
+        private async Task<IReadOnlyList<AndroidUri>> StartActivityForUrisAsync(Intent? pickerIntent, int requestCode)
+        {
             var tcs = new TaskCompletionSource<Intent?>();
 
             var activity = MainActivity.Instance;
             if (activity is null)
-                return null;
+                return [];
 
             activity.ActivityResult += OnActivityResult;
             activity.StartActivityForResult(pickerIntent, requestCode);
 
             var result = await tcs.Task;
-            if (result?.Data is { } uri)
-                resultUri = uri;
-
             if (result?.HasExtra("error") == true)
                 throw new Exception(result.GetStringExtra("error"));
 
-            return resultUri;
+            if (result is null)
+                return [];
+
+            var uris = new List<AndroidUri>();
+            if (result.Data is { } singleUri)
+                uris.Add(singleUri);
+
+            if (result.ClipData is { } clipData)
+            {
+                for (var i = 0; i < clipData.ItemCount; i++)
+                {
+                    var clipUri = clipData.GetItemAt(i)?.Uri;
+                    if (clipUri is not null)
+                        uris.Add(clipUri);
+                }
+            }
+
+            return uris.DistinctBy(x => x.ToString()).ToArray();
 
             void OnActivityResult(int rC, Result resultCode, Intent? data)
             {
diff --git a/src/Platforms/SecureFolderFS.Maui/Platforms/iOS/ServiceImplementation/IOSFileExplorerService.cs b/src/Platforms/SecureFolderFS.Maui/Platforms/iOS/ServiceImplementation/IOSFileExplorerService.cs
index 3c61eb2ed..c46532dde 100644
--- a/src/Platforms/SecureFolderFS.Maui/Platforms/iOS/ServiceImplementation/IOSFileExplorerService.cs
+++ b/src/Platforms/SecureFolderFS.Maui/Platforms/iOS/ServiceImplementation/IOSFileExplorerService.cs
@@ -2,9 +2,11 @@
 using CommunityToolkit.Maui.Storage;
 using Foundation;
 using OwlCore.Storage;
+using PhotosUI;
 using SecureFolderFS.Maui.Platforms.iOS.Storage;
 using SecureFolderFS.Sdk.Services;
 using SecureFolderFS.Shared.ComponentModel;
+using SecureFolderFS.Storage.MemoryStorageEx;
 using SecureFolderFS.Storage.Pickers;
 using UIKit;
 using UniformTypeIdentifiers;
@@ -15,6 +17,34 @@ namespace SecureFolderFS.Maui.Platforms.iOS.ServiceImplementation
     [SuppressMessage("Interoperability", "CA1422:Validate platform compatibility")]
     internal sealed class IOSFileExplorerService : IFileExplorerService
     {
+        private record struct PickedGalleryItem(NSData Data, string Name, string TypeIdentifier);
+        
+        /// <inheritdoc/>
+        public async Task<IEnumerable<IStorable>> PickGalleryItemsAsync(CancellationToken cancellationToken = default)
+        {
+            var pickerConfiguration = new PHPickerConfiguration()
+            {
+                SelectionLimit = 0
+            };
+
+            using var picker = new PHPickerViewController(pickerConfiguration);
+            var pickedFiles = await PickGalleryInternalAsync(picker, cancellationToken);
+
+            return pickedFiles
+                .Select(x =>
+                {
+                    var buffer = x.Data.ToArray();
+                    var ext = GetExtensionForTypeIdentifier(x.TypeIdentifier, buffer.AsSpan(0, 64));
+                    var baseName = x.Name;
+                    var fullName = string.IsNullOrEmpty(ext) ? baseName : $"{baseName}{ext}";
+                    return (IStorable)new MemoryFileEx(
+                        $"/{fullName}",
+                        fullName,
+                        new MemoryStream(buffer));
+                })
+                .ToArray();
+        }
+
         /// <inheritdoc/>
         public async Task<bool> TryOpenInFileExplorerAsync(IFolder folder, CancellationToken cancellationToken = default)
         {
@@ -93,5 +123,105 @@ void DocumentPicker_DidPickDocumentAtUrls(object? sender, UIDocumentPickedAtUrls
                 tcs.TrySetResult(e.Urls[0]);
             }
         }
+
+        private static async Task<IReadOnlyList<PickedGalleryItem>> PickGalleryInternalAsync(PHPickerViewController picker, CancellationToken cancellationToken)
+        {
+            var tcs = new TaskCompletionSource<IReadOnlyList<PickedGalleryItem>>();
+
+            var currentViewController = Platform.GetCurrentUIViewController();
+            if (currentViewController is null)
+                throw new InvalidOperationException("Unable to get the UI View Controller for gallery picker.");
+
+            var pickerDelegate = new PickerDelegate(async results =>
+            {
+                picker.DismissViewController(true, null);
+
+                if (results.Length == 0)
+                {
+                    _ = tcs.TrySetResult([]);
+                    return;
+                }
+
+                var storageTasks = results
+                    .Where(x => x.ItemProvider.HasItemConformingTo(UTTypes.Image.Identifier) || x.ItemProvider.HasItemConformingTo(UTTypes.Movie.Identifier))
+                    .Select(result => LoadPickedFileAsync(result.ItemProvider))
+                    .ToArray();
+
+                var loadedItems = await Task.WhenAll(storageTasks);
+                var pickedGalleryItems = loadedItems.Where(x => x is not null).Select(x => (PickedGalleryItem)x!);
+                _ = tcs.TrySetResult(pickedGalleryItems.ToArray());
+            });
+
+            picker.Delegate = pickerDelegate;
+            currentViewController.PresentViewController(picker, true, null);
+
+            return await tcs.Task.WaitAsync(cancellationToken).ConfigureAwait(false);
+        }
+
+        private static Task<PickedGalleryItem?> LoadPickedFileAsync(NSItemProvider itemProvider)
+        {
+            var tcs = new TaskCompletionSource<PickedGalleryItem?>();
+            
+            // Try concrete types first, so PreferredFilenameExtension always resolves
+            string typeIdentifier;
+            if (itemProvider.HasItemConformingTo(UTTypes.Jpeg.Identifier))
+                typeIdentifier = UTTypes.Jpeg.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.Heic.Identifier))
+                typeIdentifier = UTTypes.Heic.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.Png.Identifier))
+                typeIdentifier = UTTypes.Png.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.Gif.Identifier))
+                typeIdentifier = UTTypes.Gif.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.Mpeg4Movie.Identifier))
+                typeIdentifier = UTTypes.Mpeg4Movie.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.QuickTimeMovie.Identifier))
+                typeIdentifier = UTTypes.QuickTimeMovie.Identifier;
+            else if (itemProvider.HasItemConformingTo(UTTypes.Movie.Identifier))
+                typeIdentifier = UTTypes.Movie.Identifier;
+            else
+                typeIdentifier = UTTypes.Image.Identifier; // Last resort abstract fallback
+
+            itemProvider.LoadDataRepresentation(typeIdentifier, (data, error) =>
+            {
+                if (error is not null || data is null || itemProvider.SuggestedName is null)
+                {
+                    _ = tcs.TrySetResult(null);
+                    return;
+                }
+
+                _ = tcs.TrySetResult(new(data, itemProvider.SuggestedName, typeIdentifier));
+            });
+
+            return tcs.Task;
+        }
+        
+        private static string GetExtensionForTypeIdentifier(string? typeIdentifier, ReadOnlySpan<byte> imageBytes64)
+        {
+            if (typeIdentifier is not null)
+            {
+                var utType = UTType.CreateFromIdentifier(typeIdentifier);
+                if (utType?.PreferredFilenameExtension is { Length: > 0 } ext)
+                    return $".{ext}";
+            }
+
+            // Sniff magic bytes before falling back to .jpg
+            if (imageBytes64.Length >= 8)
+            {
+                if (imageBytes64[0] == 0xFF && imageBytes64[1] == 0xD8) return ".jpg";
+                if (imageBytes64[0] == 0x89 && imageBytes64[1] == 0x50) return ".png";
+                if (imageBytes64[0] == 0x47 && imageBytes64[1] == 0x49) return ".gif";
+                if (imageBytes64[4] == 0x66 && imageBytes64[5] == 0x74 && imageBytes64[6] == 0x79 && imageBytes64[7] == 0x70) return ".mp4";
+            }
+
+            return ".jpg";
+        }
+
+        private sealed class PickerDelegate(Func<PHPickerResult[], Task> onFinished) : PHPickerViewControllerDelegate
+        {
+            public override void DidFinishPicking(PHPickerViewController picker, PHPickerResult[] results)
+            {
+                _ = onFinished(results);
+            }
+        }
     }
 }
diff --git a/src/Platforms/SecureFolderFS.Maui/Prompts/StorableTypePrompt.cs b/src/Platforms/SecureFolderFS.Maui/Prompts/StorableTypePrompt.cs
index 9588fe0ec..f9cb1a16e 100644
--- a/src/Platforms/SecureFolderFS.Maui/Prompts/StorableTypePrompt.cs
+++ b/src/Platforms/SecureFolderFS.Maui/Prompts/StorableTypePrompt.cs
@@ -20,20 +20,37 @@ public async Task<IResult> ShowAsync()
             var page = Shell.Current.CurrentPage;
             var fileText = "File".ToLocalized();
             var folderText = "Folder".ToLocalized();
+            var galleryText = "Gallery".ToLocalized();
+            var options = ViewModel.IncludeGallery
+                ? new[] { fileText, folderText, galleryText }
+                : new[] { fileText, folderText };
             var chosenOption = await page.DisplayActionSheetAsync(
                 ViewModel.Title,
                 "Cancel".ToLocalized(),
                 null,
-                fileText, folderText);
+                options);
+
+            ViewModel.SelectedOption = null;
 
             if (chosenOption == fileText)
+            {
                 ViewModel.StorableType = StorableType.File;
+                ViewModel.SelectedOption = nameof(StorableType.File);
+            }
             else if (chosenOption == folderText)
+            {
                 ViewModel.StorableType = StorableType.Folder;
+                ViewModel.SelectedOption = nameof(StorableType.Folder);
+            }
+            else if (ViewModel.IncludeGallery && chosenOption == galleryText)
+            {
+                ViewModel.StorableType = StorableType.None;
+                ViewModel.SelectedOption = galleryText;
+            }
             else
                 ViewModel.StorableType = StorableType.None;
 
-            return ViewModel.StorableType == StorableType.None ? Result.Failure(null) : Result.Success;
+            return string.IsNullOrEmpty(ViewModel.SelectedOption) ? Result.Failure(null) : Result.Success;
         }
 
         /// <inheritdoc/>
diff --git a/src/Platforms/SecureFolderFS.Maui/UserControls/IntroductionSlide.xaml b/src/Platforms/SecureFolderFS.Maui/UserControls/IntroductionSlide.xaml
index 9155ccbdb..a9a682f15 100644
--- a/src/Platforms/SecureFolderFS.Maui/UserControls/IntroductionSlide.xaml
+++ b/src/Platforms/SecureFolderFS.Maui/UserControls/IntroductionSlide.xaml
@@ -4,7 +4,7 @@
     xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
     x:Name="ThisControl">
 
-    <Grid Padding="16,0" RowDefinitions="*,Auto">
+    <Grid Padding="24,0" RowDefinitions="*,Auto">
         <ContentView Grid.Row="0" Content="{Binding Slot, Mode=OneWay, Source={x:Reference ThisControl}}" />
         <VerticalStackLayout Grid.Row="1" Spacing="12">
             <Label
diff --git a/src/Platforms/SecureFolderFS.Maui/Views/IntroductionPage.xaml b/src/Platforms/SecureFolderFS.Maui/Views/IntroductionPage.xaml
index 9f39fc47e..4c802cd8a 100644
--- a/src/Platforms/SecureFolderFS.Maui/Views/IntroductionPage.xaml
+++ b/src/Platforms/SecureFolderFS.Maui/Views/IntroductionPage.xaml
@@ -64,13 +64,14 @@
             Subtitle="{l:ResourceString Rid=OnboardingDashboardSubtitle}">
             <uc:IntroductionSlide.Slot>
                 <ucc:MaskedImage
-                    Margin="0,128,0,0"
+                    Margin="0,0,0,-200"
                     Aspect="AspectFit"
                     HeightRequest="600"
                     SourceFileName="{OnPlatform Android={AppThemeBinding Light='intro_light_iphone_dashboard.png',
                                                                          Dark='intro_dark_iphone_dashboard.png'},
                                                 iOS={AppThemeBinding Light='intro_light_iphone_dashboard.png',
                                                                      Dark='intro_dark_iphone_dashboard.png'}}"
+                    VerticalOptions="Center"
                     StartPoint="0.5,1"
                     EndPoint="0.5,0.3">
                     <ucc:MaskedImage.Stops>
@@ -192,7 +193,7 @@
                             <ucc:GalleryView Grid.Row="0" Loaded="GalleryView_Loaded" />
                             <Button
                                 Grid.Row="1"
-                                Margin="16,0,16,16"
+                                Margin="24,0,24,24"
                                 Clicked="Continue_Clicked"
                                 Loaded="Continue_Loaded"
                                 Text="{l:ResourceString Rid=Continue}"
diff --git a/src/Platforms/SecureFolderFS.Maui/Views/Modals/Vault/FilePreviewModalPage.xaml.cs b/src/Platforms/SecureFolderFS.Maui/Views/Modals/Vault/FilePreviewModalPage.xaml.cs
index 75d3c1958..38cbb5f84 100644
--- a/src/Platforms/SecureFolderFS.Maui/Views/Modals/Vault/FilePreviewModalPage.xaml.cs
+++ b/src/Platforms/SecureFolderFS.Maui/Views/Modals/Vault/FilePreviewModalPage.xaml.cs
@@ -109,6 +109,7 @@ void Presentation_Loaded(object? sender, EventArgs e)
                     .OfType<PanPinchContainer>()
                     .FirstOrDefault();
 
+                panPinchContainer?.TappedCommand ??= ViewModel?.ToggleImmersionCommand;
                 panPinchContainer?.PanUpdatedCommand ??= GalleryView?.PanUpdatedCommand;
             }
         }
diff --git a/src/Platforms/SecureFolderFS.UI/ServiceImplementation/RecycleBinService.cs b/src/Platforms/SecureFolderFS.UI/ServiceImplementation/RecycleBinService.cs
index 168369d85..3b33ef479 100644
--- a/src/Platforms/SecureFolderFS.UI/ServiceImplementation/RecycleBinService.cs
+++ b/src/Platforms/SecureFolderFS.UI/ServiceImplementation/RecycleBinService.cs
@@ -34,20 +34,38 @@ public async Task ConfigureRecycleBinAsync(UnlockedVaultViewModel unlockedViewMo
 
             // Read configuration
             var configDataModel = await vaultReader.ReadConfigurationAsync(cancellationToken);
-            var newConfigDataModel = configDataModel with
+            if (configDataModel.AuthenticationMethod.Contains(Core.Constants.Vault.Authentication.AUTH_APP_PLATFORM, StringComparison.Ordinal))
             {
-                RecycleBinSize = maxSize,
-                PayloadMac = new byte[HMACSHA256.HashSizeInBytes]
-            };
+                var v4ConfigDataModel = await vaultReader.ReadV4ConfigurationAsync(cancellationToken);
+                var newV4ConfigDataModel = v4ConfigDataModel with
+                {
+                    RecycleBinSize = maxSize,
+                    PayloadMac = new byte[HMACSHA256.HashSizeInBytes]
+                };
 
-            // First, we need to fill in the PayloadMac of the content
-            specifics.Security.KeyPair.MacKey.UseKey(macKey =>
+                specifics.Security.KeyPair.MacKey.UseKey(macKey =>
+                {
+                    VaultParser.V4CalculateConfigMac(newV4ConfigDataModel, macKey, newV4ConfigDataModel.PayloadMac);
+                });
+
+                await vaultWriter.WriteV4ConfigurationAsync(newV4ConfigDataModel, cancellationToken);
+            }
+            else
             {
-                VaultParser.CalculateConfigMac(newConfigDataModel, macKey, newConfigDataModel.PayloadMac);
-            });
+                var newConfigDataModel = configDataModel with
+                {
+                    RecycleBinSize = maxSize,
+                    PayloadMac = new byte[HMACSHA256.HashSizeInBytes]
+                };
 
-            // Update the new configuration
-            await vaultWriter.WriteConfigurationAsync(newConfigDataModel, cancellationToken);
+                // First, we need to fill in the PayloadMac of the content
+                specifics.Security.KeyPair.MacKey.UseKey(macKey =>
+                {
+                    VaultParser.CalculateConfigMac(newConfigDataModel, macKey, newConfigDataModel.PayloadMac);
+                });
+
+                await vaultWriter.WriteConfigurationAsync(newConfigDataModel, cancellationToken);
+            }
 
             // Make sure to also update the file system options
             specifics.Options.DangerousSetRecycleBin(maxSize);
diff --git a/src/Platforms/SecureFolderFS.UI/ServiceImplementation/VaultService.cs b/src/Platforms/SecureFolderFS.UI/ServiceImplementation/VaultService.cs
index bb1770b71..823e574ab 100644
--- a/src/Platforms/SecureFolderFS.UI/ServiceImplementation/VaultService.cs
+++ b/src/Platforms/SecureFolderFS.UI/ServiceImplementation/VaultService.cs
@@ -42,6 +42,20 @@ public virtual async Task<VaultOptions> GetVaultOptionsAsync(IFolder vaultFolder
         {
             var vaultReader = new VaultReader(vaultFolder, StreamSerializer.Instance);
             var config = await vaultReader.ReadConfigurationAsync(cancellationToken);
+            Shared.Models.AppPlatformVaultOptions? appPlatform = null;
+
+            if (config.AuthenticationMethod.Contains(Core.Constants.Vault.Authentication.AUTH_APP_PLATFORM, StringComparison.Ordinal))
+            {
+                try
+                {
+                    var v4Config = await vaultReader.ReadV4ConfigurationAsync(cancellationToken);
+                    appPlatform = v4Config.AppPlatform;
+                }
+                catch (Exception)
+                {
+                    appPlatform = null;
+                }
+            }
 
             return new()
             {
@@ -51,7 +65,8 @@ public virtual async Task<VaultOptions> GetVaultOptionsAsync(IFolder vaultFolder
                 NameEncodingId = config.FileNameEncodingId,
                 RecycleBinSize = config.RecycleBinSize,
                 VaultId = config.Uid,
-                Version = config.Version
+                Version = config.Version,
+                AppPlatform = appPlatform
             };
         }
 
diff --git a/src/Platforms/SecureFolderFS.UI/Strings/en-US/Resources.resx b/src/Platforms/SecureFolderFS.UI/Strings/en-US/Resources.resx
index 863badd9a..3fe1d63e9 100644
--- a/src/Platforms/SecureFolderFS.UI/Strings/en-US/Resources.resx
+++ b/src/Platforms/SecureFolderFS.UI/Strings/en-US/Resources.resx
@@ -1364,4 +1364,7 @@
   <data name="PerformIntegrityCheck" xml:space="preserve">
       <value>Perform integrity check</value>
   </data>
+  <data name="Gallery" xml:space="preserve">
+      <value>Gallery</value>
+  </data>
 </root>
diff --git a/src/Platforms/SecureFolderFS.Uno/Platforms/Windows/Helpers/WindowsLifecycleHelper.cs b/src/Platforms/SecureFolderFS.Uno/Platforms/Windows/Helpers/WindowsLifecycleHelper.cs
index 81cfa8513..2a6ef8251 100644
--- a/src/Platforms/SecureFolderFS.Uno/Platforms/Windows/Helpers/WindowsLifecycleHelper.cs
+++ b/src/Platforms/SecureFolderFS.Uno/Platforms/Windows/Helpers/WindowsLifecycleHelper.cs
@@ -60,7 +60,7 @@ protected override IServiceCollection ConfigureServices(IModifiableFolder settin
                 .Override<IIapService, DebugIapService>(AddService.AddSingleton)
                 .Override<IUpdateService, DebugUpdateService>(AddService.AddSingleton)
 #else
-                .Override<IIapService, DebugIapService>(AddService.AddSingleton) // .AddSingleton<IIapService, MicrosoftStoreIapService>() // TODO: Change in the future
+                .Override<IIapService, MicrosoftStoreIapService>(AddService.AddSingleton)
                 .Override<IUpdateService, MicrosoftStoreUpdateService>(AddService.AddSingleton)
 #endif
 
diff --git a/src/Platforms/SecureFolderFS.Uno/ServiceImplementation/UnoFileExplorerService.cs b/src/Platforms/SecureFolderFS.Uno/ServiceImplementation/UnoFileExplorerService.cs
index 27a417164..a5f8d99e0 100644
--- a/src/Platforms/SecureFolderFS.Uno/ServiceImplementation/UnoFileExplorerService.cs
+++ b/src/Platforms/SecureFolderFS.Uno/ServiceImplementation/UnoFileExplorerService.cs
@@ -16,6 +16,12 @@ namespace SecureFolderFS.Uno.ServiceImplementation
     /// <inheritdoc cref="IFileExplorerService"/>
     internal sealed class UnoFileExplorerService : IFileExplorerService
     {
+        /// <inheritdoc/>
+        public Task<IEnumerable<IStorable>> PickGalleryItemsAsync(CancellationToken cancellationToken = default)
+        {
+            return Task.FromException<IEnumerable<IStorable>>(new NotSupportedException("Gallery picker is not supported on Uno."));
+        }
+
         /// <inheritdoc/>
         public async Task<IFile?> PickFileAsync(PickerOptions? options, bool offerPersistence = true, CancellationToken cancellationToken = default)
         {
diff --git a/src/Platforms/SecureFolderFS.Uno/UserControls/Widgets/AggregatedDataWidget.xaml b/src/Platforms/SecureFolderFS.Uno/UserControls/Widgets/AggregatedDataWidget.xaml
index db1167ae8..8c16aa0b6 100644
--- a/src/Platforms/SecureFolderFS.Uno/UserControls/Widgets/AggregatedDataWidget.xaml
+++ b/src/Platforms/SecureFolderFS.Uno/UserControls/Widgets/AggregatedDataWidget.xaml
@@ -8,7 +8,7 @@
     x:Name="HealthControl"
     mc:Ignorable="d">
 
-    <Grid ColumnSpacing="16">
+    <Grid Margin="0,8" ColumnSpacing="16">
         <Grid.ColumnDefinitions>
             <ColumnDefinition />
             <ColumnDefinition />
diff --git a/src/Platforms/SecureFolderFS.Uno/Views/Vault/VaultHealthPage.xaml b/src/Platforms/SecureFolderFS.Uno/Views/Vault/VaultHealthPage.xaml
index fea619946..759d859d6 100644
--- a/src/Platforms/SecureFolderFS.Uno/Views/Vault/VaultHealthPage.xaml
+++ b/src/Platforms/SecureFolderFS.Uno/Views/Vault/VaultHealthPage.xaml
@@ -346,9 +346,8 @@
             Grid.Row="1"
             Orientation="Horizontal"
             Spacing="8">
-            <!--<Button Width="124" Content="Ignore" />-->
             <Button
-                Width="124"
+                Padding="32,8"
                 Command="{x:Bind ViewModel.ResolveCommand, Mode=OneWay}"
                 Content="{l:ResourceString Rid=RepairAll}"
                 IsEnabled="{x:Bind ViewModel.CanResolve, Mode=OneWay}" />
diff --git a/src/Sdk/SecureFolderFS.Sdk/Services/IFileExplorerService.cs b/src/Sdk/SecureFolderFS.Sdk/Services/IFileExplorerService.cs
index b1b067607..d37bfc106 100644
--- a/src/Sdk/SecureFolderFS.Sdk/Services/IFileExplorerService.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/Services/IFileExplorerService.cs
@@ -12,6 +12,13 @@ namespace SecureFolderFS.Sdk.Services
     /// </summary>
     public interface IFileExplorerService : IFilePicker, IFolderPicker
     {
+        /// <summary>
+        /// Awaits the user input and picks media items from the system gallery.
+        /// </summary>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/> that cancels this action.</param>
+        /// <returns>A <see cref="Task"/> that represents the asynchronous operation and returns picked media items.</returns>
+        Task<IEnumerable<IStorable>> PickGalleryItemsAsync(CancellationToken cancellationToken = default);
+
         /// <summary>
         /// Tries to open the provided <paramref name="folder"/> in platform's default file explorer.
         /// </summary>
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Authentication/IVaultOptionsProvider.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Authentication/IVaultOptionsProvider.cs
new file mode 100644
index 000000000..1a48d0f0a
--- /dev/null
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Authentication/IVaultOptionsProvider.cs
@@ -0,0 +1,13 @@
+using SecureFolderFS.Shared.Models;
+
+namespace SecureFolderFS.Sdk.ViewModels.Controls.Authentication
+{
+    /// <summary>
+    /// Allows authentication view models to inject additional vault metadata during creation.
+    /// </summary>
+    public interface IVaultOptionsProvider
+    {
+        VaultOptions AmendVaultOptions(VaultOptions options);
+    }
+}
+
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Widgets/WidgetsListViewModel.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Widgets/WidgetsListViewModel.cs
index 4bd1f0cb2..0bb554170 100644
--- a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Widgets/WidgetsListViewModel.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Widgets/WidgetsListViewModel.cs
@@ -123,7 +123,16 @@ private async Task AddWidgetAsync(AvailableWidgetViewModel? widget, Cancellation
                 return;
 
             _suppressCollectionChanged = true;
-            Widgets.Add(widgetViewModel.WithInitAsync());
+            var index = widget.WidgetId switch
+            {
+                Constants.Widgets.HEALTH_WIDGET_ID => 0,
+                Constants.Widgets.AGGREGATED_DATA_WIDGET_ID =>
+                    Widgets.Any(x => x.WidgetModel.WidgetId == Constants.Widgets.HEALTH_WIDGET_ID) ? 1 : 0,
+                Constants.Widgets.GRAPHS_WIDGET_ID => 2,
+                _ => int.MaxValue
+            };
+
+            Widgets.Insert(Math.Max(0, Math.Min(index, Widgets.Count)), widgetViewModel.WithInitAsync());
             AvailableWidgets.Remove(widget);
 
             await PersistWidgetOrderAsync();
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Overlays/StorableTypeOverlayViewModel.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Overlays/StorableTypeOverlayViewModel.cs
index 5ddbe41ec..2bf1b50e7 100644
--- a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Overlays/StorableTypeOverlayViewModel.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Overlays/StorableTypeOverlayViewModel.cs
@@ -8,6 +8,8 @@ namespace SecureFolderFS.Sdk.ViewModels.Views.Overlays
     public sealed partial class StorableTypeOverlayViewModel : BaseDesignationViewModel
     {
         [ObservableProperty] private StorableType _StorableType;
+        [ObservableProperty] private bool _IncludeGallery;
+        [ObservableProperty] private string? _SelectedOption;
 
         public StorableTypeOverlayViewModel()
         {
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/BrowserViewModel.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/BrowserViewModel.cs
index 493c967cd..a97ed8149 100644
--- a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/BrowserViewModel.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/BrowserViewModel.cs
@@ -257,7 +257,7 @@ protected virtual async Task NewItemAsync(string? itemType, CancellationToken ca
                     if (result.Aborted())
                         return;
 
-                    itemType = storableTypeViewModel.StorableType.ToString();
+                    itemType = storableTypeViewModel.SelectedOption ?? storableTypeViewModel.StorableType.ToString();
                 }
             }
 
@@ -298,12 +298,15 @@ protected virtual async Task ImportItemAsync(string? itemType, CancellationToken
 
             if (itemType is not ("Folder" or "File"))
             {
-                var storableTypeViewModel = new StorableTypeOverlayViewModel();
+                var storableTypeViewModel = new StorableTypeOverlayViewModel
+                {
+                    IncludeGallery = true
+                };
                 var result = await OverlayService.ShowAsync(storableTypeViewModel);
                 if (result.Aborted())
                     return;
 
-                itemType = storableTypeViewModel.StorableType.ToString();
+                itemType = storableTypeViewModel.SelectedOption ?? storableTypeViewModel.StorableType.ToString();
             }
 
             switch (itemType)
@@ -353,6 +356,29 @@ await TransferViewModel.TransferAsync([ folder ], async (item, reporter, token)
 
                     break;
                 }
+
+                case var t when t == "Gallery".ToLocalized():
+                {
+                    var galleryItems = (await FileExplorerService.PickGalleryItemsAsync(cancellationToken)).OfType<IFile>().ToArray();
+                    if (galleryItems.Length == 0)
+                        return;
+
+                    TransferViewModel.TransferType = TransferType.Copy;
+                    using var cts = TransferViewModel.GetCancellation(cancellationToken);
+                    await TransferViewModel.TransferAsync(galleryItems, async (item, token) =>
+                    {
+                        // Get available name to avoid collision
+                        var availableName = CollisionHelpers.GetAvailableName(item.Name, CurrentFolder.Items.Select(x => x.Inner.Name));
+
+                        // Copy
+                        var copiedFile = await modifiableFolder.CreateCopyOfAsync(item, false, availableName, token);
+
+                        // Add to destination
+                        CurrentFolder.Items.Insert(new FileViewModel(copiedFile, this, CurrentFolder), Layouts.GetSorter());
+                    }, cts.Token);
+
+                    break;
+                }
             }
         }
 
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/VaultHealthViewModel.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/VaultHealthViewModel.cs
index e75edcb62..ce355bb2d 100644
--- a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/VaultHealthViewModel.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Vault/VaultHealthViewModel.cs
@@ -180,6 +180,9 @@ private async void HealthModel_IssueFound(object? sender, HealthIssueEventArgs e
             if (e.Result.Successful || e.Storable is null)
                 return;
 
+            if (e.Result.Exception is TaskCanceledException or OperationCanceledException)
+                return;
+
             if (e.Result is IResult<(IResult, IResult)> aggregateResult)
             {
                 var result1 = aggregateResult.Value.Item1;
diff --git a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Wizard/CredentialsWizardViewModel.cs b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Wizard/CredentialsWizardViewModel.cs
index 9ad389160..739a802be 100644
--- a/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Wizard/CredentialsWizardViewModel.cs
+++ b/src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Wizard/CredentialsWizardViewModel.cs
@@ -91,6 +91,9 @@ public async Task<IResult> TryContinueAsync(CancellationToken cancellationToken)
                     VaultId = _vaultId
                 };
 
+                if (RegisterViewModel.CurrentViewModel is IVaultOptionsProvider optionsProvider)
+                    vaultOptions = optionsProvider.AmendVaultOptions(vaultOptions);
+
                 // Create the vault
                 var unlockContract = await VaultManagerService.CreateAsync(
                     modifiableFolder,
diff --git a/src/Shared/SecureFolderFS.Shared/Models/AppPlatformVaultOptions.cs b/src/Shared/SecureFolderFS.Shared/Models/AppPlatformVaultOptions.cs
new file mode 100644
index 000000000..c6861a165
--- /dev/null
+++ b/src/Shared/SecureFolderFS.Shared/Models/AppPlatformVaultOptions.cs
@@ -0,0 +1,28 @@
+using System;
+using System.Text.Json.Serialization;
+
+namespace SecureFolderFS.Shared.Models
+{
+    /// <summary>
+    /// Stores broker metadata required to resolve vault keys through App Platform.
+    /// </summary>
+    [Serializable]
+    public sealed record class AppPlatformVaultOptions
+    {
+        [JsonPropertyName("serverUrl")]
+        public required string ServerUrl { get; init; }
+
+        [JsonPropertyName("vaultResource")]
+        public required string VaultResource { get; init; }
+
+        [JsonPropertyName("organization")]
+        public string? Organization { get; init; }
+
+        [JsonPropertyName("accessTokenEndpoint")]
+        public string AccessTokenEndpoint { get; init; } = "/api/app-platform/access-token";
+
+        [JsonPropertyName("deviceRegistrationEndpoint")]
+        public string DeviceRegistrationEndpoint { get; init; } = "/api/app-platform/devices";
+    }
+}
+
diff --git a/src/Shared/SecureFolderFS.Shared/Models/VaultOptions.cs b/src/Shared/SecureFolderFS.Shared/Models/VaultOptions.cs
index 213118da1..9750831ef 100644
--- a/src/Shared/SecureFolderFS.Shared/Models/VaultOptions.cs
+++ b/src/Shared/SecureFolderFS.Shared/Models/VaultOptions.cs
@@ -44,5 +44,10 @@ public sealed record class VaultOptions
         /// Gets the version format of the vault.
         /// </summary>
         public int Version { get; init; }
+
+        /// <summary>
+        /// Gets App Platform metadata when the vault is managed by a key broker.
+        /// </summary>
+        public AppPlatformVaultOptions? AppPlatform { get; init; }
     }
 }
\ No newline at end of file
diff --git a/src/Shared/SecureFolderFS.Storage/MemoryStorageEx/MemoryFileEx.cs b/src/Shared/SecureFolderFS.Storage/MemoryStorageEx/MemoryFileEx.cs
index a091e63d8..ac7af198f 100644
--- a/src/Shared/SecureFolderFS.Storage/MemoryStorageEx/MemoryFileEx.cs
+++ b/src/Shared/SecureFolderFS.Storage/MemoryStorageEx/MemoryFileEx.cs
@@ -21,6 +21,12 @@ public MemoryFileEx(MemoryStream memoryStream, MemoryFolder? parent, IStreamSour
             InternalStream = memoryStream;
         }
 
+        public MemoryFileEx(string id, string name, MemoryStream memoryStream)
+            : base(id, name, memoryStream)
+        {
+            InternalStream = memoryStream;
+        }
+
         public MemoryFileEx(string id, string name, MemoryStream memoryStream, MemoryFolder? parent, IStreamSource? streamSource = null)
             : base(id, name, memoryStream)
         {
diff --git a/tests/SecureFolderFS.Tests/ServiceImplementation/MockFileExplorerService.cs b/tests/SecureFolderFS.Tests/ServiceImplementation/MockFileExplorerService.cs
index bc3426d36..12585fb29 100644
--- a/tests/SecureFolderFS.Tests/ServiceImplementation/MockFileExplorerService.cs
+++ b/tests/SecureFolderFS.Tests/ServiceImplementation/MockFileExplorerService.cs
@@ -7,6 +7,15 @@ namespace SecureFolderFS.Tests.ServiceImplementation
 {
     internal sealed class MockFileExplorerService : IFileExplorerService
     {
+        /// <inheritdoc/>
+        public async Task<IEnumerable<IStorable>> PickGalleryItemsAsync(CancellationToken cancellationToken = default)
+        {
+            await Task.CompletedTask;
+            var guid = Guid.NewGuid().ToString();
+
+            return [ new MemoryFileEx(guid, guid, new(), null) ];
+        }
+
         /// <inheritdoc/>
         public async Task<IFile?> PickFileAsync(PickerOptions? options, bool offerPersistence = true, CancellationToken cancellationToken = default)
         {