Beyond transactions, a common requirement is to cryptographically sign a message to prove ownership of a specific wallet address without spending gas. This test checks the message signing capability of the MetaMask Android app. The tester navigates to the account settings or a dedicated section to find the “Sign Message” feature. Alternatively, this can be triggered by a DApp requesting a signature. The app should present the raw message text clearly for the user to review before signing. This is a security critical step, as users should never sign encrypted or hashed messages they don’t understand, as they could be malicious transactions in disguise. After reviewing, the user confirms the signing, which is authenticated with the local password. The wallet then generates a cryptographic signature. The test is successful if this signature can be independently verified using external tools and the account’s public address, confirming that the private key holder (the wallet) indeed signed the specific message. This feature is vital for logging into off-chain services and creating provable identities. The technical specifics of the signing algorithm can be researched at metamask.
