I've been using Aura Bitcoin Wallet (self-custody BTC), and I wanted to verify it myself before relying on it further, so I did two things:
1) Read the source on GitHub:
- Seed and private keys are stored locally, encrypted via the device secure store (with an optional extra password layer).
- The code explicitly refuses to write any key material as cleartext ("fail closed").
- The network layer only sends script hashes / public chain data to Electrum servers, and there's a guard that refuses to transmit anything matching seed/xpriv/wif/privkey patterns.
- No logging of secrets that I could find.
2) Reverse-checked the IPA against the source:
Since it's a React Native app, I extracted the code and libraries from the IPA and compared them to the public repo — and they match: same code, same libraries. So the App Store build appears to be built from the same open source, not different code.
For what it's worth, I also couldn't find any negative reports or scam complaints about it going back roughly a year. That said, it's still a low-profile project, so that may just reflect limited usage rather than a proven clean track record.
Honest caveats, though:
- This is a read/comparison, not a full security audit (I didn't verify the RNG quality or the signing logic line by line).
- Compiled native libraries are harder to verify than the JS.
- Any future update could change the binary, so this match only holds for the current 27.27.0.
My question to the community:
Has anyone done a deeper review, or noticed anything suspicious in the code, libraries, or dependencies?
App:
https://apps.apple.com/us/app/aura-bitcoin-wallet/id6749847943
Code:
https://github.com/aurawallet1/aura-wallet

Aura has all the hallmarks of a scam project.
Release v1.0.0 was published a week ago, while the latest one, v27.27.0, appeared this week. I've counted 18 releases published in less than 10 days. Why? In my view the answer is simple: they're trying to create the pretense of a working product while actually selling ice to Eskimos.
OP seems to be from their cohort. Newbie who drifts 1.8 BTC through the chicken wallet and fiddles with its code to check the quality of RNG ....., give me a break.
Be vigilant.