Security Audit Report
Audit Overview
An internal security audit was conducted on February 15, 2026 covering all three components of the SecureCall platform: the Android client (Kotlin), the Rust cryptographic engine, and the Node.js signaling backend. The audit examined code quality, cryptographic correctness, transport security, authentication mechanisms, and resilience against known attack vectors.
Findings Overview
| Severity | Android Client | Rust Crypto | Backend Server | Total |
|---|---|---|---|---|
| Critical | 4 | 1 | 2 | 7 |
| High | 6 | 3 | 9 | 18 |
| Medium | 8 | 5 | 10 | 23 |
| Total | 18 | 9 | 21 | 48 |
Remediation Status
All 18 High findings: Fixed and verified
23 Medium findings: Filed as GitHub Issues for tracking and scheduled remediation
Critical Vulnerability Details
The following seven critical vulnerabilities were identified during the audit. All have been remediated and verified through code review and regression testing. Each finding represented a direct threat to the confidentiality or integrity of encrypted communications.
| ID | Component | Issue | Fix |
|---|---|---|---|
C-01 |
Android | Encryption stubs were no-op (plaintext transmitted) | Replaced with real Rust-backed implementations via JNI bridge |
C-02 |
Android | Silent plaintext fallback when crypto library unavailable | Removed fallback path entirely; app now fails safely if crypto is unavailable |
C-03 |
Android | FakeX25519 stub with non-cryptographic key derivation |
Real X25519 via FFI bridge, proper HKDF-SHA256 key derivation |
C-04 |
Android | Hardcoded ws://localhost WebSocket endpoint |
Build-config WSS URLs with per-flavor configuration |
RC-01 |
Rust | Buffer overflow in FFI encrypt/decrypt functions | Added output buffer capacity validation before all ptr::copy_nonoverlapping calls |
BC-01 |
Backend | Hardcoded TURN server credentials in source code | Environment variables required; server fails to start without them |
BC-02 |
Backend | Unauthenticated debug endpoints exposed in production | Debug endpoints removed entirely from production builds |
Android Client Remediations
The Android client underwent the most extensive remediation effort, addressing four critical and six high-severity findings. The core issue was that encryption stubs from early development had not been fully replaced with production implementations.
- All crypto stubs replaced with real implementations backed by the Rust native library (
libcore_crypto.so) - Plaintext fallback paths removed entirely — the app will not function if the crypto engine fails to load
FakeX25519class replaced with actual X25519 key exchange via the FFI bridge- WebSocket endpoint now configurable via
BuildConfigwith WSS (TLS) enforcement for all flavors java.util.Randomreplaced withjava.security.SecureRandomin all security-sensitive contexts- Key zeroization added throughout the codebase — ephemeral keys are cleared from memory after use
- Replay detection enforced with boolean return values (previously void, silently ignoring replays)
- Nonce overflow now throws
SecurityExceptioninstead of wrapping to zero
Rust Crypto Engine Remediations
The Rust crypto engine had one critical and three high-severity findings, primarily related to memory safety at the FFI boundary and incomplete key zeroization.
- Output buffer capacity validation added before all
ptr::copy_nonoverlappingoperations in FFI functions #[zeroize(skip)]annotation removed fromaead_keyfield — key material is now properly zeroized on drop- All FFI intermediate values wrapped in
Zeroizing<>containers to prevent key material from remaining in memory ZeroizeOnDropderive macro added toIdentityKeyPairfor automatic cleanup
Backend Server Remediations
The backend server had two critical and nine high-severity findings. The critical issues were hardcoded credentials and exposed debug endpoints. High-severity findings covered authentication gaps and missing rate limiting.
- Hardcoded TURN credentials removed — server now requires environment variables and fails to start without them
- Debug endpoints (status dumps, connection listings, test routes) removed entirely from the codebase
- Authentication added to Public Key Directory (PKD) and WebSocket signaling paths
- Origin validation implemented to prevent cross-origin WebSocket hijacking
maxPayloadlimit set to 64 KB to prevent denial-of-service via oversized messages- Rate limiting implemented on all public endpoints
- Call participant verification added — only registered users can join call rooms
- Per-IP connection limits enforced to prevent resource exhaustion attacks
Medium-Severity Findings
All 23 medium-severity findings have been documented and filed as GitHub Issues for tracking. These items represent defense-in-depth improvements that do not pose immediate security risks but should be addressed in upcoming development cycles.
| Component | Count | Issue Range |
|---|---|---|
| Android Client | 8 findings | #101 — #108 |
| Rust Crypto | 5 findings | #201 — #205 |
| Backend Server | 10 findings | #301 — #310 |
Full Cross-Device Emulation Test Results
Comprehensive field test conducted on 3 physical Samsung devices across all 3 subscription tiers. Every feature tested systematically with pass/fail logging.
Test Environment
| Device | Model | Tier | Phone Number | Android |
|---|---|---|---|---|
| S10 | Galaxy S10 (RF8N313QMFL) | Premium | +4915231794100 | Android 12 |
| S7 | Galaxy S7 (ce10160adc00152604) | Free | +4915203487046 | Android 8 |
| Tab S4 | Galaxy Tab S4 (ce12182c68644439037e) | Pro | +491752536807 | Android 10 |
Phase 1 — Connection Stability
| Test | Description | Result |
|---|---|---|
| 1.1 | All 3 devices connected with green "Connected" indicator | PASS |
| 1.2 | 60-second monitoring — zero WebSocket disconnects on all devices | PASS |
| 1.3 | All devices registered with correct phone numbers on server | PASS |
Phase 2 — Call Signaling
| Test | Direction | Result |
|---|---|---|
| 2.1 | S10 → S7: Phone lookup, CALL_INVITE, ring, accept, audio, end | PASS |
| 2.2 | S7 → S10: Reverse direction | PASS |
| 2.3 | S10 → S4: Cross-tier (Premium → Pro) | PASS |
| 2.4 | S4 → S10: Reverse direction | PASS |
| 2.5 | S7 → S4: Cross-tier (Free → Pro), full signaling verified | PASS |
| 2.6 | S4 → S7: Reverse direction | PASS |
Phase 3 — Call Edge Cases
| Test | Scenario | Result |
|---|---|---|
| 3.1 | Caller hangup before answer: CALL_END forwarded, ringing stopped, clean teardown | PASS |
| 3.2 | Busy signal: CALL_BUSY sent when session already active, caller receives error | PASS |
| 3.3 | Rapid redial after hangup: New session created successfully | PASS |
Phase 4 — Contacts & Status
| Test | Feature | Result |
|---|---|---|
| 4.1 | Contacts tab loads within 3 seconds | PASS |
| 4.2 | Zero duplicate contacts after deduplication | PASS |
| 4.3 | Online status dots visible (Pro/Premium), hidden (Free) | PASS |
Phase 5 — Feature Gating
| Test | Device & Tier | Result |
|---|---|---|
| 5.1 | S10 (Premium): shows "PREMIUM", eSIM/VPN enabled, all security ON | PASS |
| 5.2 | S7 (Free): shows "FREE", eSIM/VPN locked with "PREMIUM feature" | PASS |
| 5.3 | S4 (Pro): shows "PRO", eSIM/VPN locked, anti-recording toggleable | PASS |
Phase 6 — Special Features
| Test | Feature | Result |
|---|---|---|
| 6.1 | Doze mode battery optimization dialog shown on first launch | PASS |
| 6.2 | Phone number normalization (international format) | PASS |
| 6.3 | PHONE_LOOKUP rate limiting (10/min anti-enumeration) | PASS |
543d77f.
Complete Audit Documentation
The complete audit report with detailed vulnerability descriptions, reproduction steps, code references, and verification evidence is available in the project repository:
docs/SECURITY_AUDIT_REPORT.md — Full security audit report with code-level details
For responsible disclosure of new security vulnerabilities, please refer to our Security Policy.