How it works
EOA wallets
EOA wallets, or Externally Owned Accounts, serve as the primary interface for users to interact with web3. The creation of an EOA wallet involves generating a private key, which acts as a unique signature providing access and control to the account. EOA wallets generated by the SDK are user-custodied, meaning that they are created and stored on a user's device.
Generating EOAs
The EOA wallet generation process uses the BIP39 mnemonic generation to create a hierarchical-deterministic (HD) wallet. This mnemonic is used to extract a private key from the BIP32 path "m/44'/60'/0'/0/0" which is the Ethereum default path.
This generation process uses the same methodologies as ethers js, with a couple of key differences:
The generation of the mnemonic and the extraction of the private key are both done in native code, with C being used on the iOS side and Kotlin on the Android side.
The private key from our NativeModule is passed over to the JavaScript side to instantiate an ethers js wallet using the private key.
The generated ethers js wallet does not have access to the mnemonic, it is not able to create a second wallet with a different path.
Encryption & Storage
Private key storage makes use of hardware encryption and low level OS key storage technology on device.
Persistence
By default, createAccount stores the private keys at the device + cloud level.
iOS
Device + iCloud storage
Requirements
Device must be logged into an Apple ID to back up keys to iCloud.
Use cases
Logging on to different devices with the same Apple ID and mobile app will restore the original crypto account created by that Apple ID.
Deleting and reinstalling a mobile application will restore the original crypto account.
Device only storage
Use cases
Deleting and reinstalling a mobile application will restore the original crypto account.
Android
Device + Google Cloud storage
Requirements
End to End encryption is supported on devices running Android 9 and above.
Device must have a screen lock set with a PIN, pattern, or password for end to end encryption to be enabled.
Device must be logged into a Google account to back up keys to Google Cloud.
Use cases
Logging on to different devices with the same Google account and mobile app will restore the original crypto account created by that Google account.
Deleting and reinstalling a mobile application will restore original crypto account.
Device only storage
Use cases
Deleting and reinstalling a mobile application will generate a new private key due to SharedPreferences being deleted along with the app bundle. The original crypto account will no longer be recoverable.
Last updated