How Aegis Works
Aegis consists of two components that work together: a browser extension installed
on your desktop and a companion mobile application on your phone. These two devices
form a user-controlled authorization system.
Authorization Flow
+------------------+        +------------------+        +------------------+
|   Your Browser   | -----> |   Relay Server   | -----> |    Your Phone    |
|    Extension     |        | Encrypted relay  |        | Biometric check  |
+------------------+        +------------------+        +------------------+
1. Extension detects withdrawal request in your browser
2. Request is paused – nothing leaves your browser yet
3. Notification sent to your phone via encrypted channel
4. You review details and approve/reject via fingerprint or Face ID
5. Response sent back – browser proceeds or cancels
Additional Security Checks
Beyond transaction authorization, the extension performs these checks locally on your device:
Clipboard Monitoring
When you copy a cryptocurrency address, the extension remembers it.
When you paste, it checks whether the address was silently replaced.
All processing happens locally – clipboard content is never sent to our servers.
Phishing Detection
The extension periodically downloads a database of known scam domains and
checks each site you visit against it locally. Suspicious sites trigger a
warning page. Your browsing history is never transmitted.
Address Similarity Check
When you interact with a cryptocurrency address, the extension checks if it
looks suspiciously similar to one of your saved trusted addresses (a common
"address poisoning" attack vector). This check is local.
Address Book
You can save verified addresses locally in the extension. Transactions to
whitelisted addresses may bypass the mobile confirmation step. The address
book is stored in your browser – not on our servers.
Input Field Monitoring
When you enter a cryptocurrency address on a website – whether by typing, pasting,
or other input methods – Aegis may monitor visible input fields to track the address
you intended to use. If an outgoing network request contains a different address than
what you entered, Aegis may alert you to a potential address substitution. This
verification operates entirely within your browser. Input field contents are never
transmitted to, stored on, or accessible by Aegis servers or any third party.
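The address similarity check described in this section could work along the following lines. This is an added example, not Aegis's own code; the function names, the 4-character prefix/suffix thresholds and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: local lookalike check against a list of trusted addresses.
// PREFIX/SUFFIX thresholds are assumptions, not values taken from Aegis.
const PREFIX = 4; // leading characters (after any "0x") that must match
const SUFFIX = 4; // trailing characters that must match

// 0x-style hex addresses are compared case-insensitively (their casing is only
// a checksum); other formats are case-sensitive and left as entered.
function normalize(addr) {
  const a = addr.trim();
  return /^0x[0-9a-fA-F]{40}$/.test(a) ? a.toLowerCase() : a;
}

// Strip the "0x" marker so it does not count toward the matching prefix.
function body(addr) {
  return addr.startsWith('0x') ? addr.slice(2) : addr;
}

// Number of positions at which two equal-length strings differ.
function hammingDistance(a, b) {
  let d = 0;
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) d++;
  return d;
}

// Returns { verdict: 'trusted' | 'lookalike' | 'unknown', match?, differingChars? }.
// A lookalike has the same length and the same first/last characters as a
// trusted address but is not identical to it (the address-poisoning pattern).
function checkAddress(candidate, trustedList) {
  const c = normalize(candidate);
  const trusted = trustedList.map(normalize);
  if (trusted.includes(c)) return { verdict: 'trusted', match: c };
  for (const t of trusted) {
    const cb = body(c), tb = body(t);
    if (cb.length !== tb.length) continue;
    const sameEnds = cb.slice(0, PREFIX) === tb.slice(0, PREFIX) &&
                     cb.slice(-SUFFIX) === tb.slice(-SUFFIX);
    if (sameEnds) {
      return { verdict: 'lookalike', match: t, differingChars: hammingDistance(cb, tb) };
    }
  }
  return { verdict: 'unknown' };
}

// Constructed sample data (not real wallets).
const TRUSTED = ['0x1234aBcD' + '0'.repeat(28) + '9F3e'];
const POISONED = '0x1234' + 'f'.repeat(32) + '9f3e';
console.log(checkAddress(POISONED, TRUSTED));
```

The sample lookalike agrees with the trusted address on its first and last four characters while differing in every position between them, which is why a glance at the ends of an address is not a sufficient check.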
Non-Custodial Design
Aegis is designed with a strict non-custodial architecture. This is a deliberate
design choice, not a limitation.
What We Never Access
- Private keys or seed phrases – Aegis never requests, stores, or transmits these. The extension has no mechanism to access wallet private keys.
- Exchange login credentials – Aegis does not intercept, read, or store your exchange username, password, or 2FA codes.
- Exchange API keys – Aegis does not use or request API access to any exchange.
- Wallet contents or balances – The core extension does not query or display your asset balances. The optional Sentinel feature in the mobile app may monitor publicly available on-chain balance data for addresses you specify, if enabled by you. Sentinel checks are periodic, not real-time, and alerts are only displayed while the app is open. See §16 of our Terms for details.
- Biometric data – Fingerprint and Face ID authentication is handled by your mobile device's operating system security framework (such as iOS Secure Enclave or Android hardware-backed keystores, where available). Aegis receives only a pass/fail result. Raw biometric data is never accessed, transmitted, or stored by Aegis or its servers.
- Passcode fallback – If biometric authentication is unavailable on your device, a device passcode or PIN may be accepted as a fallback verification method. This fallback is controlled by your device's operating system, not by Aegis.
What Is Transmitted From Your Devices
- Ably (real-time relay) – Authorization request details (site name, action type, timestamp) are transmitted through Ably's encrypted relay infrastructure to your mobile device. Ably processes this data in transit but does not store message content permanently.
- Supabase (database) – License validation data, device identifiers, and consent records are stored in our Supabase database infrastructure.
- Resend (email delivery) – Used solely for license key recovery emails. Recovery emails are sent only when explicitly requested by the user through our recovery page. Resend processes the recipient email address for delivery purposes only.
- Consent records: When you accept Terms of Service, a record of acceptance is stored for legal compliance.
No cryptocurrency, no credentials, and no financial data passes through our infrastructure.
We physically cannot move your funds.
Known Limitations
We believe transparency about limitations is more valuable than overpromising protection.
You should understand the following before relying on Aegis.
No Software Provides Absolute Protection
- Novel or zero-day attacks may use techniques that Aegis has not been designed to detect. The threat landscape evolves continuously.
- Sophisticated social engineering (e.g., someone convincing you to approve a malicious transaction) operates outside the scope of software controls. Aegis presents information – the decision is yours.
- Physical coercion or device compromise – if an attacker has physical access to both your computer and phone, software-based security layers can be bypassed.
- Browser or exchange changes may affect detection accuracy. When exchanges update their user interfaces or transaction flows, there may be a period where Aegis does not correctly identify withdrawal requests until an update is released.
- False positives and false negatives are inherent to any detection system. Aegis may occasionally flag legitimate activity as suspicious, or may not flag all malicious activity.
- Scam database coverage depends on third-party intelligence feeds. Newly created phishing sites may not be in the database immediately.
- Network or service interruptions affecting our relay infrastructure, your internet connection, or your mobile device may prevent authorization requests from being delivered.
- Extension permissions are limited by what browser platforms allow. Some transaction methods or platforms may not be detectable by a browser extension.
- Input field monitoring may not detect addresses populated by website scripts, browser autofill from third-party password managers, or fields rendered inside isolated browser contexts. Always verify addresses manually before confirming transactions.
Shared Responsibility
Aegis is designed to be one layer in a defense-in-depth approach
to cryptocurrency security. It is not a substitute for:
- Using hardware wallets for long-term storage
- Enabling exchange-native 2FA (authenticator apps, not SMS)
- Verifying addresses through multiple independent channels
- Keeping software and browsers updated
- Using strong, unique passwords with a password manager
- Being cautious of unsolicited messages, links, and offers
- Regularly reviewing exchange activity and withdrawal settings
You retain full responsibility for your digital assets and security decisions.
Aegis aims to reduce risk – it cannot eliminate it.
Recommended Best Practices
Aegis provides additional verification layers, but no security tool can replace careful
personal habits. We recommend the following practices to help reduce your risk.
These recommendations are informational only and do not constitute security advice.
Following these practices does not guarantee protection against all threats.
Address Entry
- Always verify the full address – Before confirming any transaction,
manually compare the complete destination address character by character against
your intended recipient. Do not rely solely on the first and last few characters.
- Use copy and paste from trusted sources – Whenever possible, copy
addresses directly from a source you trust (your hardware wallet software, a verified
contact, or your Aegis address book) rather than typing manually, which is prone to
human error.
- Verify after pasting – After pasting an address, visually confirm
the pasted value matches what you copied. Some forms of malware can modify clipboard
contents between copy and paste actions.
- Be cautious with saved/recent addresses – If a website offers to
auto-fill or select from recently used addresses, verify the auto-populated address
is correct before proceeding. Auto-populated values may not trigger all verification
layers in browser extensions.
- Use your Aegis address book – For addresses you transact with
regularly, add them to your Aegis address book. Whitelisted addresses are recognized
across sessions without repeated verification prompts.
General Security Hygiene
- Review browser extensions regularly – Uninstall extensions you no
longer use. Malicious or compromised extensions can interfere with transactions.
- Keep your browser updated – Security patches in browser updates
help protect against known vulnerabilities that could affect any extension.
- Verify website URLs – Before entering sensitive information or
initiating transactions, confirm you are on the legitimate website. Aegis includes
phishing detection, but new phishing domains may not yet be in our database.
- Approve transactions only when expected – If you receive an
approval request on your mobile device that you did not initiate, reject it
immediately. Unexpected approval requests may indicate unauthorized activity.
- Do not share your license key – Your Aegis license key links
your desktop browser to your mobile device. Sharing it could allow others to
approve transactions on your behalf.
- Test with small amounts first – When sending to a new address
for the first time, consider sending a small test transaction and confirming
receipt before sending larger amounts.
These practices reflect general industry guidance and are not exhaustive.
Users are solely responsible for their own security decisions.
See our Terms of Service §3 for details on user responsibility.
Data Handling
Aegis follows the principle of data minimization. Here is what happens with your data:
Processed Locally (Never Leaves Your Device)
- Clipboard content – monitored and compared locally
- Website URLs – checked against a locally-cached scam database
- Cryptocurrency addresses – validated and compared locally
- Biometric data – processed by your phone's operating system secure enclave; Aegis never sees raw biometric data
- Address book – stored in browser local storage
Transmitted (Encrypted)
- Authorization requests – relayed between your browser and phone via encrypted channel
- License key and device ID – sent to our server for subscription verification
- Consent acceptance – recorded on our server for legal compliance
Stored on Our Server
- Anonymous device identifier (for license seat management)
- License key and subscription status
- Consent records (timestamp, device type, version, IP address, user agent)
- Email address (paid users only) – provided by payment processor, stored for license delivery and account recovery. When you request license recovery, your email is shared with our email delivery provider (Resend) solely to deliver the recovery email. We do not use your email for marketing or any other purpose.
For complete details, see our Privacy Policy.
What Aegis Is Not
To set clear expectations:
- Aegis is not antivirus software. It does not scan for malware, viruses, or trojans on your device.
- Aegis is not a VPN or network security tool. It does not encrypt your internet traffic or hide your IP address.
- Aegis is not a wallet. It does not store, send, or receive cryptocurrency.
- Aegis is not an exchange security audit. It does not evaluate the security practices of exchanges you use.
- Aegis is not infallible. It is software created by humans, and software can contain bugs, miss edge cases, or fail in unexpected ways.
- Aegis is not a replacement for caution. If something feels wrong, do not rely solely on Aegis to catch it. Verify independently.
Responsible Disclosure
If you discover a security vulnerability in Aegis, we appreciate your help in
disclosing it responsibly.
- Email your findings to support@aegis-security.app with the subject line "Security Disclosure"
- Include a clear description of the vulnerability and steps to reproduce it
- Allow us reasonable time to investigate and address the issue before any public disclosure
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access, modify, or delete other users' data
We do not currently operate a formal bug bounty program. We aim to acknowledge
responsible disclosures and credit reporters (with permission) in our release notes.