Why does Trust Wallet need access to my contacts or camera?

Security and Privacy Considerations

1. Trust Wallet does not request access to your contacts for any functional purpose related to wallet operations. No contact list synchronization, address book scanning, or social graph analysis occurs within the application.

2. Camera access is strictly limited to QR code scanning functionality. This permission enables users to scan wallet addresses, transaction requests, or BSC/ERC-20 token contract details directly from physical or digital displays.

3. Neither contacts nor camera permissions are transmitted to third-party servers. All processing happens locally on the device without cloud intermediation.

4. Android and iOS systems enforce runtime permission models. Trust Wallet follows platform guidelines by requesting only what is operationally necessary at the moment of use—not during installation or background execution.

5. Users retain full control: permissions can be revoked anytime via device settings without affecting core wallet features like sending, receiving, or viewing balances.

QR Code Scanning Mechanics

1. When initiating a transfer, the “Scan QR” button activates the device’s native camera interface with minimal latency.

2. The scanner decodes standard URI schemes such as ethereum:0x..., binance:bnb1..., or trust://send?... into valid transaction parameters.

3. No image data is stored, cached, or logged. Frame-by-frame analysis terminates immediately after successful decoding or user cancellation.

4. Custom QR codes containing smart contract interaction payloads—like swap routes or NFT minting instructions—are parsed solely for on-chain method invocation, never for external inference.

5. Alternative input methods remain fully supported: manual address entry, clipboard paste, or deep-link redirection from dApps.

Permission Transparency in Mobile Wallets

1. Trust Wallet publishes its AndroidManifest.xml and Info.plist files publicly on GitHub, allowing independent verification of declared capabilities.

2. App store listings include explicit permission rationales visible before download—no hidden or deferred consent flows exist.

3. Audits conducted by CertiK and OpenZeppelin confirm zero instances of unauthorized sensor usage across all released versions since 2021.

4. Device-level sandboxing prevents cross-app data leakage; even with granted permissions, Trust Wallet cannot access other apps’ private storage or memory space.

5. Biometric authentication bypasses the need for persistent background access—fingerprint or face ID unlocks occur outside the app process boundary.

Third-Party Integration Boundaries

1. DApp browser sessions operate inside an isolated WebView container with no inheritance of host app permissions unless explicitly delegated through WalletConnect or EIP-696 signing prompts.

2. External wallet connectors like MetaMask SDK or RainbowKit initiate their own scoped permission negotiations—Trust Wallet acts only as a relay, not a gatekeeper.

3. DeFi protocols integrated via built-in dApp browser do not receive camera or contact metadata; only signed transaction payloads and chain-specific account identifiers pass through.

4. Token lists and price feeds are fetched over HTTPS endpoints with certificate pinning—no device sensors involved in data aggregation pipelines.

5. Push notifications for transaction confirmations rely exclusively on APNs or FCM tokens generated during setup, requiring no hardware access.

Frequently Asked Questions

Q: Can Trust Wallet read my SMS messages if I grant camera access?A: No. Camera permission grants no capability to intercept, view, or process SMS content. Android and iOS enforce strict inter-permission isolation.

Q: Does denying camera access break wallet functionality?A: No. All transactions can be completed manually. QR scanning is optional convenience—not a mandatory step for fund movement.

Q: Is there any scenario where Trust Wallet accesses contact names or numbers?A: Never. Contact permission is neither requested nor utilized in any Trust Wallet release, official or forked.

Q: How does Trust Wallet verify it isn’t harvesting biometric data when using fingerprint login?A: Biometric enrollment and matching occur entirely within the device’s Secure Enclave or Titan M chip. Trust Wallet receives only a success/failure signal—not raw fingerprint templates or facial geometry points.