An Empirical Assessment of Security and Privacy Issues of Android Cryptocurrency Wallet Apps

About this Study


A cryptocurrency wallet app is a piece of software that manages, stores, and generates the private keys of cryptocurrency accounts. By providing services such as easy access to transaction history and account balance checks, alongside transmission of new transactions in distributed networks such as blockchains, cryptocurrency wallet apps have gained unprecedented popularity, which in turn attracts malicious actors to attack users, resulting in loss of cryptocurrency assets and leakage of sensitive user data.

This paper presents the first large-scale study of Android cryptocurrency wallet apps. We surveyed apps on Google Play to detect and extract the metadata and application packages of 457 cryptocurrency wallet apps. We perform several passive and active measurements designed to investigate the security and privacy features and to study the behaviour of cryptocurrency wallet apps.

Our analysis includes investigation of cryptocurrency wallet apps' third-party embedding, malware presence, and exfiltration of users' sensitive data to third parties. Our analysis reveals vulnerabilities and privacy issues in cryptocurrency apps, including the insecure use of HTTP to serve transactions.


Paper and Dataset Download

A sample of the dataset and scripts used in this paper is hosted on Google Drive. You can contact us at the following email if you want to use our collected dataset or analysis scripts, or are interested in our full paper.

Contact Person


wallet.apps2021 [at] gmail.com

Collaboration


To be added upon acceptance of the paper.