
Trustee Plus

Audit name:

[PT] Trustee / Android / Feb2025

Date:

Mar 4, 2025

Table of Contents

Introduction
Audit Summary
System Overview
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the Trustee Plus team for the collaborative engagement that enabled the execution of this Pentest.

Trustee Plus is a platform that provides a full range of services and tools for working with crypto assets. Founded in 2016 by a group of crypto enthusiasts, the company aims to unlock the potential of cryptocurrency technology. Trustee's infrastructure seamlessly integrates digital finance with the traditional financial system and is available globally.

Document

Name: Android Penetration Test Security Analysis Report for Trustee Plus
Audited By: Bogdan Bodisteanu
Approved By: Stephen Ajayi
Website: trusteeglobal.com
Changelog: 24/02/2025 - Preliminary Report
Changelog: 04/03/2025 - Retest Report
Platform: Android
Language: Java, React Native
Tags: Android
Methodology: https://hackenio.cc/dApp_methodology

Review Scope

Android Application: Shared Privately

Audit Summary

Total Findings: 6
Resolved: 0
Accepted: 6
Mitigated: 0

The system users should acknowledge all the risks summed up in the risks section of the report.

Executive Summary

This threat model provides an overview of the security assessment conducted on the Trustee Plus Android application. The goal of this evaluation was to identify vulnerabilities and assess the security posture of the application against common penetration testing techniques, including static and dynamic analysis, reverse engineering, and data leakage risks.

During our assessment, several vulnerabilities were identified, ranging from medium to low severity. The primary areas of concern include SSL Pinning Bypass, Clear Text Traffic Enabled, Insecure FileProvider Paths Configuration, GraphQL Introspection Query Exposure, and exposure of the original IP address. Addressing these vulnerabilities will enhance the application's resilience against potential attacks.

Methodology

The evaluation was performed using a combination of static analysis (analyzing the APK structure, permissions, manifest configurations, and code obfuscation) and dynamic analysis (monitoring application behavior in real-time and testing against different attack vectors). The security controls were evaluated to determine their effectiveness against tampering, debugging, and sensitive data leakage.

Key Findings

1. Exposure of Original IP Address (Medium, 6.9)

  • The application exposes the original IP address of users, which can lead to privacy concerns and tracking risks.

  • Attackers may exploit this vulnerability to perform reconnaissance or targeted attacks.

  • Recommendation: Implement IP masking techniques, use VPN proxies, and restrict sensitive logs.

2. SSL Pinning Bypass (Medium, 6.9)

  • The application implements SSL pinning but is vulnerable to bypass techniques.

  • Attackers can intercept encrypted traffic, leading to potential data exposure.

  • Recommendation: Enforce stronger SSL pinning mechanisms, implement certificate validation at multiple layers, and consider hardware-backed security measures.

3. Clear Text Traffic Enabled (Low, 2.3)

  • The application allows unencrypted HTTP traffic, which increases the risk of man-in-the-middle (MITM) attacks.

  • Recommendation: Disable cleartext traffic by enforcing HTTPS for all communications using the android:usesCleartextTraffic="false" directive in the manifest.
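A network security configuration that applies the cleartext recommendation above and also covers the pinning hardening from finding 2, added here as an illustration rather than taken from the report or the Trustee Plus app; the host name, pin values and expiry date are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml; the manifest points at it with
     android:networkSecurityConfig="@xml/network_security_config" on
     <application>. api.example.invalid, both pins and the expiry are placeholders. -->
<network-security-config>
    <!-- Weak setting behind the finding (for contrast only, do not ship):
         <base-config cleartextTrafficPermitted="true" />
         With it, any component can issue plain http:// requests that an
         on-path attacker can read or modify. -->

    <!-- Hardened default: refuse cleartext for every host, including any
         host not listed in a domain-config below. This is the file-based
         form of android:usesCleartextTraffic="false"; on API 24+ the
         attribute is ignored once this file exists, so set both. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- API host: cleartext refused again, and the server's public keys
         pinned. Keep a backup pin so a key rotation does not lock users
         out; declarative pinning is one layer, runtime checks are another. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.invalid</domain>
        <pin-set expiration="2026-03-04">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_SHA256_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>

    <!-- User-installed CAs (proxy tools) are trusted in debug builds only;
         release builds ignore this block entirely. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```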

4. Insecure FileProvider Paths Configuration (Low, 2.3)

  • The application has misconfigured FileProvider paths, potentially exposing sensitive files.

  • Recommendation: Restrict access to FileProvider paths and ensure that only required components have access.
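A restricted FileProvider path definition of the kind the recommendation calls for, added as an illustration and not from the report or the Trustee Plus code; the authority string and the shared/ directory name are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/file_paths.xml for androidx.core.content.FileProvider.
     Assumed manifest declaration (the authority string is illustrative):
       <provider android:name="androidx.core.content.FileProvider"
                 android:authorities="${applicationId}.fileprovider"
                 android:exported="false"
                 android:grantUriPermissions="true">
           <meta-data android:name="android.support.FILE_PROVIDER_PATHS"
                      android:resource="@xml/file_paths" />
       </provider>
     exported="false" keeps the provider off the public component list;
     other apps reach a file only through a per-URI grant the app hands out. -->
<paths xmlns:android="http://schemas.android.com/apk/res/android">
    <!-- Weak configurations behind the finding (for contrast, do not ship):
         <root-path name="root" path="/" />
         <files-path name="all" path="." />
         Either entry makes every file under that root addressable through a
         content:// URI, so a single granted URI can be turned into reads of
         databases, shared preferences or exported key material. -->

    <!-- Hardened: a single purpose-built subdirectory of private storage.
         Files meant to leave the app (an exported statement, for example)
         are copied into files/shared/ first; "shared" is an assumed name. -->
    <files-path name="shared_docs" path="shared/" />

    <!-- Short-lived exports can use the cache directory instead; the OS may
         purge it, and nothing else in cache/ becomes reachable. -->
    <cache-path name="shared_cache" path="shared/" />
</paths>
```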

5. GraphQL Introspection Query Exposure (Low, 2.3)

  • The application exposes the GraphQL introspection query, allowing attackers to enumerate API endpoints and gain insight into backend structures.

  • Recommendation: Disable introspection queries in production, implement authentication checks for API access, and restrict excessive data exposure.

Conclusion

The security evaluation of the Trustee Plus Android application identified several vulnerabilities that could be exploited by attackers. While none of the issues were classified as critical, medium-risk vulnerabilities like SSL Pinning Bypass and Original IP Address Exposure pose significant threats to data security and user privacy.

To improve security, it is recommended to:

  • Strengthen SSL pinning mechanisms and prevent bypass techniques.

  • Disable cleartext traffic to enforce encrypted communication.

  • Secure FileProvider paths to prevent unauthorized access to sensitive data.

  • Restrict GraphQL introspection queries to minimize API enumeration risks.

  • Implement logging best practices to avoid exposing user IP addresses.

By addressing these findings, the Trustee Plus Android application can significantly enhance its security posture and mitigate potential attack vectors.

System Overview

The audited mobile application is a crypto financial trading platform that provides users with functionalities such as account management, real-time market data, trade execution, and secure transactions. The app is developed for the Android platform and uses a client-server architecture to communicate with backend services.

Findings

Code          Title                                       Status     Severity
F-2025-8919   Original IP Address                         accepted   Medium
F-2025-8873   SSL Pinning Bypass                          accepted   Medium
F-2025-8918   Clear Text Traffic Enabled                  accepted   Low
F-2025-8875   Insecure FileProvider Paths Configuration   accepted   Low
F-2025-8874   GraphQL Introspection Query Exposure        accepted   Low
F-2025-8917   Application Support Legacy SDK Versions     accepted   Observation

Appendix 1. Severity Definitions

Severity

Description

Critical
These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm.

High
These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach.

Medium
These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention.

Low
These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation.

Appendix 2. Scope

Scope Details

Android Application: Shared Privately
Whitepaper: https://hackenio.cc/hacken-methodologies

Assets in Scope

com.trusteeplus - com.trusteeplus

Disclaimer