Bitcoin Cash Wallet network analysis

Alan Evans
Dec 17, 2017


I decided to look at Bitcoin.com’s Bitcoin Cash Android wallet after I saw a worried tweeter wonder why it needed network access during setup of a wallet.

I used Charles to peek at the traffic and here are the findings.

On the Android device, while setting up a new wallet there were two notable calls, both sending an “Account Extended Public Key” to two servers.

The second call sends the same public key to a different server.

The mnemonic I was given was:

slow various sea obey rotate ask provide cry acquire fortune pepper strong

And the xpub being passed around is:

xpub6Cn8pcyrXHsfYaVh7hVWehpPPt53mKDFr9AxCbe7kjYvjq8HprEGZ5irAPr8mCPenj3Fzw85beWjF596WonQeiAFGCvZM1DLdL9YP8h3Mpq

You can put this into iancoleman.io/bip39 to see which derivation paths these public keys come from.

Bitcoin Cash has a BIP44 coin number of 145, so you would expect a brand new HD wallet to have an account path of m/44'/145'/0', but as you can see from Ian Coleman’s website, that is not the case.

m/44'/145'/0'

If we change the coin to Bitcoin, and therefore to a derivation path of m/44'/0'/0', we get a hit:

m/44'/0'/0'

Addresses

Next I checked to see what addresses it was providing, and I found out that it is using the same addresses for Bitcoin Cash as for Bitcoin Core, which, given the same derivation path, is actually to be expected. So it does come with one slight advantage: a user cannot mix up addresses. The downside would be one of privacy, as addresses are reused on the two chains. Note that replay attacks are not a concern with Bitcoin Cash: https://bitcoin.stackexchange.com/a/56874/3511

Conclusions

I would assume the two servers track the different coins, Bitcoin Cash and Bitcoin Core.

While it’s reasonable for a backend to have your public key in order to generate addresses to track payments, it would be more anonymous if it just tracked addresses (this is how Electrum works). If you migrate this recovery code to another wallet, bitcoin.com’s servers will still be able to see your activity because they know all your future keys, not just those you are using today. Something to bear in mind.

I can see why they have gone with a non-standard use of BIP44 for user safety, but you might find attempts to migrate to another wallet app hard if that app follows the convention of using 145' in the derivation address. That said, wallet apps may also consider that users may be trying to recover BCH from before the fork, so coin 0 could well be an option.


Alan Evans

British Canadian Software Developer living in Connecticut, Staff Android Engineer at The New York Times