Security first: Common Mobile app audit by Kudelski now complete

Apr 7, 2025

Common is committed to the highest standards of security in web3. That’s why we’ve partnered with one of the industry’s leading security firms, Kudelski Security, to perform an in-depth review of the Common Mobile app before its official release.

Common Mobile App’s security model

The security of your assets is paramount for any wallet. This translates into two main objectives: secure storage of your keys on the device, and ensuring that only you can sign transactions and review your financial data. 

To achieve this, Common Mobile uses your device’s Trusted Execution Environment (TEE) to encrypt the data the app stores on your device. This data is only available once you unlock the app using biometric features such as Face ID or a fingerprint scan, or for a more old-fashioned experience, a 4- or 6-digit PIN.

Such an approach ensures that the keys to your accounts remain securely encrypted using a hardware cryptography chip on your device as the TEE, offering strong protection against unauthorized access.

Security audit findings

To verify our implementation of these security measures, we partnered with Kudelski Security for a thorough audit. The audit focused on key aspects such as cryptographic key management, secure data storage, robust encryption techniques, and secure biometric access. 

Kudelski Security conducted a Secure Code Review of the application’s TypeScript files in the corresponding GitHub repository from 19 February 2025 to 6 March 2025. Its objectives were:

  • Provide an assessment of their overall security and any potential risks.
  • Provide a professional opinion on the maturity, adequacy, and efficiency of the security measures that are in place.
  • Identify potential issues and include improvement recommendations based on the results of our tests.

The review concluded with a minor observation classified as a negligible issue and easily amended by the development team. Additionally, the Kudelski team noted the careful and in-depth analysis of the project and that the repository was well-structured with high-quality code.

We are dedicated to transparency, so the full public security audit is available for you here.

Who are Kudelski Security?

Kudelski is a well-established player in cybersecurity with a reputation that predates the crypto industry. The firm is known for its strong capabilities in cryptography and has experts who rigorously evaluate cryptographic protocols, smart contracts, and blockchain infrastructures, identifying both known and novel vulnerabilities.

As one of the leading cybersecurity firms, Kudelski consistently partners with important projects, including Solana, Crypto.com, and Ledger.

Common’s commitment to security

The launch of the Common Mobile app is just around the corner and off to a strong start. Kudelski’s audit confirms that Common’s commitment to privacy, security, and data confidentiality exists both onchain and offchain.

Stay on the lookout for the next audit report covering the shielding features and get ready for secure, confidential, and portable DeFi!

Mateusz Raczyński
Marketing Manager
