Security Trust Center

Audits & Roadmap

Last Updated: May 2026

Security maturity compounds over time. We believe transparency builds trust, which is why we openly document our audit posture, planned milestones, and the areas of our architecture requiring independent validation.

01. Validation Focus

Audit Scope

Verification Goals

Independent reviews are intended to validate that our local-first implementation matches our security specifications, rather than to take our own description of it on trust.

Cryptographic Primitives

Review of the key derivation function and its work factor (PBKDF2-HMAC-SHA256: iteration count and salt handling) and of the authenticated vault encryption (AES-256-GCM: key usage, nonce management, and tag verification on decrypt).

Storage Boundaries

Verifying that key material is zeroized once it is no longer needed and that operating-system sandbox controls prevent other processes from reading raw keys.

OS & Hardware Integration

Assessing biometric gating of the vault through the platform keystores (iOS Keychain and Android Keystore, hardware-backed where the device supports it) and defenses against intent spoofing and keylogging.

Compliance Alignment

Evaluating whether the local-first data model supports customers' obligations under frameworks such as HIPAA, SOC 2, and GDPR without additional configuration.

02. Current Status

Active State

Pre-Audit Stage

No external third-party audit has been completed yet. We are focusing on internal hardening before engaging external reviewers.

Hardening Progress

Stage 01: Code Hardening (Completed)
Stage 02: Threat Modeling (In Progress)
Stage 03: Third-Party Audit (Upcoming)

Publishing premature security statements is security theater. ZeroAuth will only publish reports that involve deep, technically credible verification from recognized independent cryptographic and penetration testing firms.

03. Review Roadmap

Milestones

Audit Timeline

Detailing our planned progression toward external validations and continuous security verification.

Phase 1: Internal Architecture Review

In Progress

Validating local-first isolation boundaries, memory zeroization effectiveness, and the secure storage lifecycle across the supported platforms.

Phase 2: Cryptographic Core Audit

Planned

Independent review of the local key derivation work factor, the encrypted backup export format, and the on-device TOTP generation parameters (RFC 6238 algorithm, digit count, and time step).

Phase 3: Mobile Penetration Testing

Planned

Third-party black-box and white-box assessments on iOS and Android, targeting local privilege escalation, intent spoofing, and side-channel leakage.

Phase 4: Compliance & Egress Audit

Planned

Verifying that the app operates fully offline with no network egress or telemetry, and that it meets the configuration requirements of high-security enterprise deployments.