1. Self-Custody Verification

We verify that the private keys (or recovery phrases) are generated using secure random number generators on the local device. The application must encrypt these keys using client-side passcodes or hardware enclaves (like iOS Secure Enclave), ensuring the keys never leave the phone or computer.

2. Open-Source and Reproducible Builds

A closed-source wallet is a black box. We check the official repository on GitHub to ensure the code is active and open for peer review. Ideally, the wallet should support reproducible builds—allowing developers to compile the public code and verify it matches the exact binary published on the App Store or Google Play.

3. Network Privacy Parameters

Blockchain assets protect ledger transaction history, but connecting to the blockchain can expose your IP address. We inspect the wallet's node configuration menu. We check if the app has native Tor support, lets you add custom nodes, and allows you to hide transaction broadcast times.

4. Fee and Cost Auditing

We perform actual transactions to measure:

• Whether the wallet adds any surcharge on top of standard network miner fees.
• The exact exchange spread charged during built-in currency swaps (by comparing the displayed swap rate with the global spot price).

5. Synchronisation and Performance

For privacy-focused assets like Monero, synchronization speed is a primary user pain point. We test the sync engine under various node configurations (default remote nodes versus custom private nodes) and document how long the wallet takes to scan the blockchain under typical network conditions.