Introduction
We express our gratitude to the CoinEx team for the collaborative engagement that enabled the execution of this Pentest.
CoinEx is a global and professional digital coin exchange service provider, founded in December 2017. Operating as a sub-brand of ViaBTC (Viabtc Technology Limited), CoinEx is dedicated to building a highly secure, stable, and efficient digital coin exchange for global users.
Document | |
---|---|
Name | Pentest and Security Analysis Report for CoinEx |
Audited By | Sam Ronald |
Approved By | Stephen Ajayi |
Website | https://www.coinex.com/ |
Changelog | 17/03/2025 - Preliminary Report |
Changelog | 25/03/2025 - Final Report |
Platform | Android |
Language | Java |
Tags | Pentest |
Methodology | https://hackenio.cc/pentest_methodology |
Review Scope | |
---|---|
Android | https://play.google.com/store/apps/details?id=com.coinex.trade.play&hl=en |
Version | 3.43.2 |
Audit Summary
The system users should acknowledge all the risks summed up in the risks section of the report.
System Overview
The CoinEx Android application offers a comprehensive platform for cryptocurrency trading, enabling users to manage their digital assets seamlessly on mobile devices.
Key Features:
- Extensive Cryptocurrency Support: Users can trade a vast selection of cryptocurrencies, including popular options like BTC, ETH, DOGE, LTC, and XRP, directly through the mobile app.
- Diverse Trading Options: The app facilitates various trading methods, such as spot trading, margin trading, and futures trading, allowing users to tailor their strategies to market conditions.
- User-Friendly Interface: Designed for both novice and experienced traders, the app features an intuitive interface that simplifies navigation and enhances the trading experience.
- Real-Time Market Data: Users have access to timely market feeds and in-depth market analysis, empowering them to make informed trading decisions.
- Security Measures: The application incorporates robust security protocols to protect user assets and personal information, aligning with CoinEx's commitment to a secure trading environment.
- Futures Demo Trading: To assist users in mastering futures trading without financial risk, the app offers a demo trading feature that simulates real market conditions.
Findings
Code | Title | Status | Severity |
---|---|---|---|
F-2025-9168 | Insecure Cleartext Traffic Usage | fixed | Low |
F-2025-9134 | SSL Pinning Bypass | accepted | Low |
F-2025-9165 | Predictable Pseudorandom Number Generator (PRNG) | accepted | Observation |
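The standard Android mitigation for a cleartext-traffic finding of the kind listed above is a network security configuration that refuses cleartext by default and, optionally, pins the API host's certificate keys. The file below is an added illustration written for this page, not the audited app's configuration; the `res/xml/network_security_config.xml` path, the `api.example.com` host and the pin digests are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (illustrative; placeholder path).
     Activated from AndroidManifest.xml with
     <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>

    <!-- Weak setting: allows http:// to every host, which is what an
         "Insecure Cleartext Traffic Usage" finding reports. Shown commented
         out for comparison only.
         <base-config cleartextTrafficPermitted="true" /> -->

    <!-- Hardened default: no cleartext for any host, and only the system CA
         store is trusted (user-installed CAs are not, which also limits
         interception on devices where a proxy CA has been added). -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Per-domain override for the API host: same no-cleartext rule plus
         SPKI pinning. Two pins (current and backup) so a key rotation does
         not lock users out; digests below are placeholders, not real values. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2026-03-25">
            <pin digest="SHA-256">PLACEHOLDER_CURRENT_SPKI_SHA256_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>

</network-security-config>
```

On Android 9 and later cleartext is already disabled by default, so the explicit `cleartextTrafficPermitted="false"` mainly matters for lower target SDKs and for making the intent auditable; a static check for the finding is simply to grep the manifest and this file for `cleartextTrafficPermitted="true"` or `android:usesCleartextTraffic="true"`.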
Appendix 1. Severity Definitions
Severity | Description |
---|---|
Critical | These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm. |
High | These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of a potential security breach. |
Medium | These issues present a moderate risk to the system and cannot greatly impact its function. They should be addressed in a reasonable time frame, but may not require immediate attention. |
Low | These issues present no risk to the system and typically relate to code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation. |
Appendix 2. Scope
The scope of the project includes the following:
Scope Details | |
---|---|
Android | https://play.google.com/store/apps/details?id=com.coinex.trade.play&hl=en |
Version | 3.43.2 |