Privacy and Security analysis of cryptocurrency mobile applications
Abstract
Subsequent to the introduction of Bitcoin, the field of cryptocurrency has seen unprecedented growth. Mobile applications known as wallets often facilitate user interaction to these cryptocurrencies.
With a perceived real world value these wallets are a target for attackers. Unlike mainstream financial services applications, cryptocurrency wallets are not subject to the same stringent security requirements of their regulated counterparts.
In this paper, we examine the security profiles of commonly used Android cryptocurrency applications. We examine these applications for common vulnerabilities outlined by OWASP mobile top 10. We establish a baseline for our tests by evaluating commonly used banking and trading applications. We compare the results from our baseline test and establish the state of security provided by cryptocurrency wallet applications.
The paper also examines the possible privacy implications of mobile applications. We report that the conventional financial services applications are only marginally better than cryptocurrency application in security provisions but they provide greater privacy.
Full conference paper will be presented at the Conference on Mobile and Secure Services between 2nd and 3rd March, 2019 at Miami Beach, Carillon Hotel, Gainesville, USA.
