Client Security

a. Client Runtime Environment Security

i) The MUFEX App is developed using the secure Flutter framework for higher security. During startup, the app checks for root access, jailbreak, injection, and message hooks to ensure that it runs in a secure environment.

b. Client Data Security

i) MUFEX uses the HTTP Strict Transport Security (HSTS) protocol, which enforces the use of HTTPS for secure connections. WebSocket connections are secured using the WebSocket Secure (WSS) protocol. This ensures the integrity and confidentiality of HTTP and WebSocket protocol data between the user client and MUFEX servers, significantly enhancing the security of user data and preventing theft and data leaks during transmission.

c. Client Security Vulnerability Protection

i) By optimizing and iterating on H5 (HTML5) security best practices, MUFEX has implemented an H5 security solution tailored to its needs, ensuring the security of H5 code and services.

ii) MUFEX has dedicated mobile security vulnerability researchers who discover and locate vulnerabilities in the app, client, and third-party components to ensure the security of the client.

iii) MUFEX also collaborates with multiple security vendors, regularly inviting external security firms to conduct penetration testing on MUFEX and promptly address and fix any issues.

d. Product Security Capabilities

i) MUFEX has integrated numerous security products into its user system, authentication system, and transaction system. These include two-factor authentication, protection against cross-site scripting (XSS) attacks, protection against cross-site request forgery (CSRF) attacks, login expiration, single-client detection, password strength assessment, prevention of email theft, and data obfuscation. These measures ensure the security of user transactions and data. In the future, MUFEX will incorporate more security products to further enhance security.