Least Authority Audits MetaMask’s Mobile App
Least Authority conducted a security audit of the MetaMask mobile application, a wallet and developer tool for applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets.
The mobile application is built in React Native within a single codebase for both iOS and Android platforms. MetaMask previously built and released a web extension providing the same functionality, which is included within the mobile application.
The audit was performed from February 18 - March 7, 2019, by Emery Rose and Dominic Tarr, with dedicated project management support by Hind Abu-Amr. The initial report was issued on March 8, 2019.
A final report was issued following the discussion and verification phase on April 9, 2019.