-
Mobile Wallets
Mobile wallets have rapidly become one of the most popular
ways to manage digital assets due to their convenience and
accessibility. However, this popularity also brings with it unique
security challenges that users must consider carefully. This chapter
explores the key metrics for evaluating mobile wallets, helping users
understand how to best secure their digital assets on mobile devices.
Cold-Storage vs. Hot-Storage
Mobile wallets are inherently hot-storage solutions because they are constantly connected to the internet through mobile networks or Wi-Fi. This always-online nature makes them vulnerable to a wide range of threats, including phishing attacks, malware, and network-based attacks. Unlike desktop or hardware wallets that can be fully air-gapped to achieve cold storage, mobile wallets are typically designed for quick access and ease of use. Some mobile wallets attempt to offer cold storage-like functionality by enabling the app to operate in offline mode or by integrating with hardware wallets, but these are often limited and require careful management. Users who prioritize security over convenience may need to complement their mobile wallets with a hardware wallet or keep only a small amount of funds in the mobile wallet for daily transactions.
Integrated Display with OS vs. No Integrated Display with OS
One of the strengths of mobile wallets is their use of the device’s integrated display for transaction verification. Unlike desktop or browser wallets, mobile devices inherently provide a more isolated and controlled environment for displaying transaction details, as long as the operating system is secure. However, this reliance on the device’s display also introduces vulnerabilities if the device is compromised, such as through malware or unauthorized access. Without the protection of an external, dedicated display (as seen in hardware wallets), users must trust that what is shown on the mobile screen accurately reflects the transaction being signed. While mobile wallets generally offer a good balance of convenience and security, they still rely heavily on the underlying operating system’s integrity.
General Purpose OS vs. OS Built to Secure Private Keys
Mobile wallets run on general-purpose operating systems like Android and iOS. While these platforms are widely used and frequently updated with security patches, they are not specifically designed to secure private keys. This exposes mobile wallets to risks such as OS-level exploits, malicious apps, and vulnerabilities inherent to the general-purpose nature of these operating systems. While iOS is generally considered more secure due to its closed ecosystem, it still faces significant threats, and Android’s openness can be a double-edged sword in terms of security. To mitigate these risks, some mobile wallets implement additional security features, such as secure enclaves or biometric authentication, which are built into the mobile OS to enhance the security of private key storage and transactions.
Test of User Presence
Mobile wallets often leverage the device’s biometric sensors, such as fingerprint readers or facial recognition, to enforce a test of user presence. This ensures that only the authorized user can approve transactions, adding a layer of security against remote attacks. However, the effectiveness of this test depends on the robustness of the biometric implementation and the security of the underlying operating system. In some cases, these biometric systems can be bypassed or fooled by sophisticated attacks, so relying solely on them may not be sufficient for high-value transactions. For enhanced security, some mobile wallets also support two-factor authentication or integration with hardware wallets, which require physical confirmation of transactions, thereby providing a more reliable test of user presence.
Wallet Update (Firmware Update, Software Update)
Mobile wallets rely on software updates to patch vulnerabilities and introduce new features. While mobile operating systems like Android and iOS enforce a relatively strict update process through their app stores, this process is still not as secure as the firmware update mechanisms found in dedicated hardware wallets. Software updates can be compromised if the app store or update process itself is targeted by attackers. Furthermore, users must trust that the wallet developers are diligent in providing timely updates and that these updates are applied correctly on their devices. For users handling significant amounts of digital assets, it is crucial to stay vigilant about applying updates and to consider using wallets that have a transparent and secure update process.
On-Chain vs. Off-Chain Recovery
Recovery methods for mobile wallets vary, with on-chain and off-chain options offering different levels of security and convenience. On-chain recovery, such as multi-signature (multi-sig) schemes, allows for decentralized and secure recovery of funds by requiring multiple parties or devices to approve transactions. This method is more secure but can be cumbersome to manage on a mobile device. Off-chain recovery methods, like Shamir’s Secret Sharing, involve splitting the private key into multiple parts and distributing them among trusted entities. While this approach is more user-friendly and practical on mobile devices, it introduces the risk of losing access if the shares are not properly managed. Mobile wallets that offer flexible recovery options allow users to tailor their security measures to their specific needs, balancing ease of use with robust protection.
Cold-Storage vs. Hot-Storage
Mobile wallets are inherently hot-storage solutions because they are constantly connected to the internet through mobile networks or Wi-Fi. This always-online nature makes them vulnerable to a wide range of threats, including phishing attacks, malware, and network-based attacks. Unlike desktop or hardware wallets that can be fully air-gapped to achieve cold storage, mobile wallets are typically designed for quick access and ease of use. Some mobile wallets attempt to offer cold storage-like functionality by enabling the app to operate in offline mode or by integrating with hardware wallets, but these are often limited and require careful management. Users who prioritize security over convenience may need to complement their mobile wallets with a hardware wallet or keep only a small amount of funds in the mobile wallet for daily transactions.
Integrated Display with OS vs. No Integrated Display with OS
One of the strengths of mobile wallets is their use of the device’s integrated display for transaction verification. Unlike desktop or browser wallets, mobile devices inherently provide a more isolated and controlled environment for displaying transaction details, as long as the operating system is secure. However, this reliance on the device’s display also introduces vulnerabilities if the device is compromised, such as through malware or unauthorized access. Without the protection of an external, dedicated display (as seen in hardware wallets), users must trust that what is shown on the mobile screen accurately reflects the transaction being signed. While mobile wallets generally offer a good balance of convenience and security, they still rely heavily on the underlying operating system’s integrity.
General Purpose OS vs. OS Built to Secure Private Keys
Mobile wallets run on general-purpose operating systems like Android and iOS. While these platforms are widely used and frequently updated with security patches, they are not specifically designed to secure private keys. This exposes mobile wallets to risks such as OS-level exploits, malicious apps, and vulnerabilities inherent to the general-purpose nature of these operating systems. While iOS is generally considered more secure due to its closed ecosystem, it still faces significant threats, and Android’s openness can be a double-edged sword in terms of security. To mitigate these risks, some mobile wallets implement additional security features, such as secure enclaves or biometric authentication, which are built into the mobile OS to enhance the security of private key storage and transactions.
Test of User Presence
Mobile wallets often leverage the device’s biometric sensors, such as fingerprint readers or facial recognition, to enforce a test of user presence. This ensures that only the authorized user can approve transactions, adding a layer of security against remote attacks. However, the effectiveness of this test depends on the robustness of the biometric implementation and the security of the underlying operating system. In some cases, these biometric systems can be bypassed or fooled by sophisticated attacks, so relying solely on them may not be sufficient for high-value transactions. For enhanced security, some mobile wallets also support two-factor authentication or integration with hardware wallets, which require physical confirmation of transactions, thereby providing a more reliable test of user presence.
Wallet Update (Firmware Update, Software Update)
Mobile wallets rely on software updates to patch vulnerabilities and introduce new features. While mobile operating systems like Android and iOS enforce a relatively strict update process through their app stores, this process is still not as secure as the firmware update mechanisms found in dedicated hardware wallets. Software updates can be compromised if the app store or update process itself is targeted by attackers. Furthermore, users must trust that the wallet developers are diligent in providing timely updates and that these updates are applied correctly on their devices. For users handling significant amounts of digital assets, it is crucial to stay vigilant about applying updates and to consider using wallets that have a transparent and secure update process.
On-Chain vs. Off-Chain Recovery
Recovery methods for mobile wallets vary, with on-chain and off-chain options offering different levels of security and convenience. On-chain recovery, such as multi-signature (multi-sig) schemes, allows for decentralized and secure recovery of funds by requiring multiple parties or devices to approve transactions. This method is more secure but can be cumbersome to manage on a mobile device. Off-chain recovery methods, like Shamir’s Secret Sharing, involve splitting the private key into multiple parts and distributing them among trusted entities. While this approach is more user-friendly and practical on mobile devices, it introduces the risk of losing access if the shares are not properly managed. Mobile wallets that offer flexible recovery options allow users to tailor their security measures to their specific needs, balancing ease of use with robust protection.