Web3 Mobile Wallet Apps: A Secret Key Protection Perspective

The security of private keys and mnemonic phrases is of paramount importance in the world of cryptocurrency, as they grant access to one's digital assets and their loss or theft can lead to financial ruin. With the rise of mobile wallet apps in the Web3 space, it's crucial to understand the various security mechanisms that are in place to protect these keys.

This blog summarizes the different levels of security protection offered by web3 mobile wallet apps, and examines how they are implemented in practice by looking at nine popular open-source mobile wallets. We explore the range of security measures, from simple passcode protection to hardware-supported trusted execution environments.

Through our research, we found that some of these security protection mechanisms can effectively address some common attack patterns for stealing private keys. However, we also found that threats from the system level, such as root-based exploitation, are largely ignored. This highlights the importance of users being cautious about trusting the levels of protection offered by wallet apps on mobile devices.

The Heart of Wallet Security: Private Key Protection

The most important asset that a mobile wallet app has is the private key or mnemonic phrase. Consequently, the most severe threat that a mobile wallet app faces is the leakage of its private key or mnemonic phrase, as it represents the loss of all of the user's assets. To properly mitigate such threats, a well-designed mobile wallet app should have a systematic way to protect the private keys both at storage time and at in-use time.

In the table above, we summarize the common practices that cryptocurrency wallets use on Android mobile devices to protect private keys and mnemonic phrases. The practices are listed in order of increasing security level, and each is listed with the corresponding threats that it cannot fully address. By studying nine popular open-source cryptocurrency wallets, we were able to categorize them into their associated security levels and gain a better understanding of how these practices are used in real-world applications. The figure below shows the names of these mobile wallet apps and the number of times they have been downloaded from the Google Play Store.

Wallet Security: From S0 to S4

In this section, we will provide a brief overview of each security practice and how they are implemented on different applications. This will include a discussion of the strengths and weaknesses of each practice, as well as an examination of how attackers can still bypass these mitigations with different attack vectors.

S0 (No Storage Protection)

The S0 level of security practice stores all user private information locally within the application’s storage space, including private key, mnemonic phrase, etc. This prevents non-privileged users or applications from accessing the storage file directly. However, S0 level protection does not encrypt the storage file at all, meaning the user's secret exists in the storage file as plain text. Any privileged user or application can access this storage file and extract the user's private key to fully control the user's wallet.

Figure: Bitcoin Wallet Recovery from Serialized Protobuf File

It is worth noting that gaining privileged access on Android devices is not an impossible task. Apart from users who actively root their devices and are then abused by malicious applications, cyber criminals leveraging vulnerabilities to gain privileges is also an emerging threat on Android devices. For example, in 2021, security researchers at the Lookout Threat Lab found the Android malware “AbstractEmu”, which takes advantage of multiple vulnerabilities to obtain root access to interact with finance applications. There are also multiple presentations from 360 Alpha Lab showing how to achieve a one-click remote attack to gain root access on recent Android devices.

Figure: Simple Bitcoin Wallet Recovery from Sqlite Database

To demonstrate the potential vulnerability of using S0 level protection, we conducted a test by installing popular wallets like Bitcoin Wallet and Simple Bitcoin Wallet on a rooted Android device. With root access, we were able to easily read the key storage files of these wallets and extract the user's mnemonic phrase, as shown in the above screenshots.

S1 (Passcode Encryption)

The S1 level of security practice uses a user-defined passcode to encrypt the storage file containing private keys and mnemonic phrases. This prevents non-privileged users or applications from accessing the storage file directly. However, the storage file must be decrypted when the application starts, and a privileged user or application can inject into the wallet and capture the encryption password. This can allow them to dump the key storage file and decrypt it locally.

To demonstrate the potential vulnerability of using S1 level protection, we conducted a test by installing the popular open-source wallet Samourai on a rooted Android device. Using Frida, a popular instrumentation tool, we were able to reveal the encryption password and further access the user's private keys and mnemonic phrases. It's worth noting that although the Samourai wallet attempts to detect if the device is rooted, it was not effective in our experiments.

Figure: Samourai Application Injection Attack Demonstration

S2 (Keystore (Trustzone))

To prevent the key storage file encryption key from being compromised by malicious actors, some wallet apps, such as Metamask, use the Android Keystore System to generate and use the encryption key. The Keystore system is backed by a trusted application that runs in the Trusted Execution Environment (TEE) on the Android system. This environment is isolated from the main operating system and is protected by hardware-based security features. By using the Keystore System, the encryption/decryption of the storage file happens in the TEE, making it less likely for the encryption key to be leaked. However, the Keystore System does not provide blockchain-associated APIs, such as transaction signing or verification. As a result, the wallets still need to have the user's decrypted private keys in memory, making them vulnerable to privileged attackers who can dump the application memory and extract the private keys.
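The S2 pattern described above, as an added Kotlin example (not code from Metamask or any wallet studied here): a Keystore-held AES key wraps the seed, the app verifies that the key is hardware-backed, and the decrypted seed is wiped after use. The alias and the function names are hypothetical.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.GCMParameterSpec

private const val PROVIDER = "AndroidKeyStore"
private const val ALIAS = "wallet_seed_wrapping_key" // hypothetical alias

// Load the wrapping key, or create a non-exportable AES-256 key inside the Keystore.
fun wrappingKey(): SecretKey {
    val ks = KeyStore.getInstance(PROVIDER).apply { load(null) }
    (ks.getKey(ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER)
        .apply { init(spec) }.generateKey()
}

// False means the key fell back to a software implementation and S2's guarantee does not hold.
fun isHardwareBacked(key: SecretKey): Boolean {
    val info = SecretKeyFactory.getInstance(key.algorithm, PROVIDER)
        .getKeySpec(key, KeyInfo::class.java) as KeyInfo
    @Suppress("DEPRECATION") // superseded by KeyInfo.securityLevel on API 31+
    return info.isInsideSecureHardware
}

// Returns IV || ciphertext+tag; the Keystore generates a fresh 12-byte IV on each init.
fun seal(seed: ByteArray): ByteArray {
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.ENCRYPT_MODE, wrappingKey())
    return c.iv + c.doFinal(seed)
}

// Decrypts, passes the seed to `use`, then zeroes it. While `use` runs (for example,
// while signing) the seed is in app memory: this is the exposure window S2 leaves open.
fun <T> withSeed(blob: ByteArray, use: (ByteArray) -> T): T {
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.DECRYPT_MODE, wrappingKey(), GCMParameterSpec(128, blob, 0, 12))
    val seed = c.doFinal(blob, 12, blob.size - 12)
    try { return use(seed) } finally { seed.fill(0) }
}
```

Zeroing shortens the time the seed is resident but does not remove the in-memory exposure the paragraph describes; only moving signing into the TEE (S4) does.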

S3 (Keystore (Trustzone) + Root Detection)

To improve the security of S2 level protection, some wallet apps add an additional layer of security by checking if the mobile device has been rooted. This helps ensure the integrity of the device, as a rooted device may have been compromised by a malicious attacker. For example, the Airgap Vault wallet uses the Keystore System to protect the user's encryption key, but also checks if the device has been rooted while it runs. If the device is found to be rooted, the Airgap Vault wallet refuses to run, maximizing the protection level. This added layer of security provides an extra level of protection against malicious attackers who may have gained root access to the device.

Figure: Airgap Vault Root Detection
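A sketch of the kind of local root check S3 adds, as an added Kotlin example (not Airgap Vault's or Samourai's code). The path list, the `RootSignals` type and the function names are constructed for illustration, and each check is a heuristic rather than proof of device integrity.

```kotlin
import android.os.Build
import java.io.File

// Constructed, non-exhaustive list of places an su binary or manager app is commonly found.
private val SU_PATHS = listOf(
    "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
    "/data/local/bin/su", "/data/local/xbin/su", "/system/app/Superuser.apk"
)

// Each flag is one independent heuristic; keeping them separate lets the app log which one fired.
data class RootSignals(
    val testKeys: Boolean,
    val suAtKnownPath: Boolean,
    val suOnPath: Boolean
) {
    val rooted: Boolean get() = testKeys || suAtKnownPath || suOnPath
}

fun collectRootSignals(): RootSignals {
    // Production images are signed with release-keys; test-keys suggests a custom or dev build.
    val testKeys = Build.TAGS?.contains("test-keys") == true
    val suAtKnownPath = SU_PATHS.any { File(it).exists() }
    // Also walk $PATH, since su may be installed somewhere the fixed list does not cover.
    val suOnPath = System.getenv("PATH").orEmpty().split(":")
        .any { it.isNotEmpty() && File(it, "su").exists() }
    return RootSignals(testKeys, suAtKnownPath, suOnPath)
}

// Hypothetical gate: call before the seed is decrypted and again whenever the app resumes,
// so the check happens while the wallet runs and not only at first launch.
fun requireUnrootedOrThrow() {
    val signals = collectRootSignals()
    check(!signals.rooted) { "Device integrity check failed: $signals" }
}
```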

S4 (Dedicated TEE TA)

The highest level of security practice in the mobile wallet apps is the use of a dedicated Trusted Execution Environment (TEE) to store and handle private key information. This is implemented by installing a specialized TEE-based Trusted Application (TA) on the device. For example, this protection method is currently used by Samsung Blockchain App on certain high-end Samsung smartphones. This approach provides an extra layer of protection, as the private key information is stored in and handled by the TEE, which is isolated from the main operating system and can only be accessed by vendor-approved code. Even a privileged user or application cannot directly access this information. However, the limitation of this approach is that it requires the smartphone manufacturers to provide specific interfaces for wallet developers to utilize the TEE.

Some Additional Thoughts on Mobile Wallet App Security

In S3 level protection, we mentioned root detection can be used in conjunction with the Keystore System to protect the user’s private information. Note that we believe root detection is an important aspect in ensuring the device retains its basic integrity, and should be implemented in conjunction with any security practice to ensure a higher level of protection. However, it's important to note that root detection techniques can vary and may not always be effective. For example, while the Airgap Vault root detection worked well on our test device, the Samourai wallet failed to detect the rooted environment.

Furthermore, this study covers only the software wallet apps on mobile devices without any additional hardware implementation. Both hardware-based web3 wallets and cold wallet security offer attractive security features, and each is worth a separate article.

In practice, we believe mobile wallet apps will continue to increase their user base due to their ease of use. Wallet developers should leverage the TrustZone design, which already exists on most Android mobile devices, to provide the maximum level of security to wallet users.

Summary

In this blog, we analyzed the threats that Web3 wallet apps face on mobile devices. In particular, we focused on how private keys are stored and the associated potential threats. We analyzed nine different popular wallet apps and revealed the level of security each adopts. We found that most major wallets use hardware-backed key protection techniques to resolve the key storage issue, such as the Keystore System on Android.

However, we noticed that most wallets do not check if devices are rooted, which may result in security issues while performing private key operations in memory. Apart from the five levels of security practices we summarized in this blog, we believe wallet developers should also pay attention to how to fully utilize the TrustZone design on Android systems to better mitigate the common risks. We will continue to cover this topic in future blogs and assist developers to better protect users’ assets.

Read more: https://www.certik.com/resources/blog/4YByvvbbq8vCj1dxdulTXr-web3-mobile-wallet-apps-a-secret-key-protection-perspective
