Security researcher REKTBuilder has uncovered potentially privacy-invasive practices within Ledger Live, the software used to manage Ledger hardware wallets.
The findings raise concerns about user data collection and highlight the lack of transparency surrounding Ledger’s data practices.
REKTBuilder’s investigation began with the discovery of code responsible for “genuine checks” performed whenever a user connects their Ledger device. These checks reportedly list every app installed on the device, potentially revealing which cryptocurrency networks the user interacts with.
Further investigation led REKTBuilder to a more concerning discovery: the actual tracking mechanism lies within a subroutine called “listApps.” This code not only logs the installed apps but also records the time and date of each device connection, suggesting persistent user tracking.
Attempts to disable the tracking code resulted in the software becoming unusable, suggesting that Ledger Live’s core functionality is reliant on this data collection. This lack of an “opt-out” option raises red flags for privacy-conscious users.
Despite the privacy concerns, REKTBuilder continues using Ledger Live due to a lack of alternative hardware wallets compatible with the Avalanche network. This highlights the limited options available to users who prioritize both security and privacy.
Ledger has not yet publicly responded to REKTBuilder’s claims. The lack of transparency surrounding its data collection practices further fuels concerns about user privacy.