[ECO Bounty] ioPay Unauthorized Private Key Exposure in Offline Mode

  • Report Priority: Critical / Security Vulnerability

  • App Version: ioPay 5.3.1 (3973)

  • Device: Infinix X670

  • OS: Android 13

  • Wallet Address: io1tkw393kejmxwnd454twc6020sxcyvh5dxqmren

Description: I am reporting a critical security vulnerability in the current version of ioPay. The application allows a user to export or share their private key while in "Offline Mode."

Steps to Reproduce:

  1. Open the ioPay app.

  2. Navigate to "Private Offline Mode."

  3. [Insert your specific steps here, e.g., "Select the export option," or "Open the sharing menu."]

  4. The application presents the private key in a format that can be copied, shared via third-party apps, or captured, which exposes the user's funds to immediate risk of theft.

Expected Behavior: The private key should never be exportable or sharable, particularly within an "offline" feature. Sensitive credentials should remain encapsulated within the device’s secure storage.

Impact: This vulnerability grants unauthorized access to the wallet's private credentials, potentially leading to a total loss of assets.


Action Required

Please treat this as a high-priority security issue. I have not shared this key with any unauthorized parties, but the fact that the application allows this action poses a significant risk to all users.

Status: In Review

Board: New Issue

Date: 3 days ago

Author: cryptotestnet
