Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Could Smartphone Wallets Boost Blockchain Adoption?

Could Smartphone Wallets Boost Blockchain Adoption?

by
Smartphone wallets raise security questions

Share this article

At first glance, the concept of a smartphone-based hardware wallet is an attractive one. Due to the ubiquity of mobile devices, such solutions could give crypto adoption a massive boost. But even for fully-sold proponents, the issue comes with some obvious security questions.

Samsung says that their smartphones have the best features for crypto security. In a blog post last year, the company described its devices as “the best approach to short-term and medium-term storage” for cryptocurrency private keys. However, experts (and common sense) should raise some serious doubts.

Are “Trusted Environments” really secure?

With cryptocurrency wallets, security effectively boils down to the availability of secure storage for the private key combinations associated with transactions.

This is where Trusted Execution Environments come into the picture. A TEE is a hardware-based, isolated computing environment, featuring its own memory and storage space, which cannot be accessed by the OS of the smartphone. TEEs can only be accessed through a secure API, which makes use of “trustlets,” tiny applications contained within the TEE.

By using these trustlets for private key management, smartphone wallets can theoretically achieve a high degree of security.

Smartphone complexity is no friend of security

TEEs may not be vulnerable to compromised operating systems, but due to the nature of the platform on which they operate, they are still exposed to a daunting number of potential attack vectors.

Dedicated apps can be compromised and they can be programmed to make payments from the TEE, when the user actually accesses them. After all,  apps do after all have to be able to communicate with the TEE in order for it to be of any use.

The addition of a password requirement in the security chain also fails to eliminate the threat. “A particularly sophisticated piece of malware can just wait for you to enter the password in order to make a legitimate transaction,” and then re-use your password for fraudulent ones,  wrote Matthew Green, a cryptography professor at Johns Hopkins University,  in an email to Hard Fork.

Furthermore, the issue of quality cannot be ignored either. Security problems have been discovered in the TEEs of some of the top manufacturers.

Many users also keep their mobile devices connected to cellular and WiFi networks around the clock, opening even more avenues for potential exploits. 

Can blockchain seal the security holes?

One answer to these security problems could involve supplementing legacy systems with blockchain-based security. HTC’s first attempt at a blockchain-powered phone, Exodus, put the privacy-linked powers of DLT to use through the addition of a second Operating System, running in parallel with Android.

Exodus runs dApps, which – at least in theory – could completely eliminate the security holes of traditional apps. However, it bears pointing out that dApp security depends entirely on the goals and intentions of those who create these applications.

In Exodus’ case, the hardware wallet, Zion, comes with the phone, so it should be completely immune to exploits. Users who  lose their private keys can still call upon a Social Recovery Function to regain their funds.

Blockchain in full effect

Pundi X’s XPhone takes this approach one step further. Powered by Function X, a blockchain-based OS, the phone itself  is a blockchain node, no longer relying on centralized mobile carriers to perform its functions. For now, the XPhone can be used for calls through legacy cellular networks, but it sports a blockchain call feature, which may become the go-to option for private calls in the future.

XPhone may not be as revolutionary as its creators hope, but it could still offer significant advantages. A platform like Function X eliminates the security vulnerabilities of a fully fledged legacy mobile OS, such as Android, greatly enhancing the feasibility of smartphone crypto wallets. The capabilities of Function X also include private messaging and data transmission, positioning the XPhone as a potential host-platform for applications as complex as security tokenization and trading.

In its infancy, blockchain technology may still be in search of a problem to solve, but with blockchain phones and full data ownership, one of its first proper, real-world applications could be just around the corner.

The author is invested in digital assets. 

Join the conversation on Telegram and Twitter!

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.