We often say that there are two kinds of crypto wallets, namely, centralized wallets and decentralized wallets. In particular, a decentralized wallet does not save the user’s private key or mnemonic phrases. Some of you might ask: Isn’t ViaWallet supposed to be a decentralized wallet? How come I can export my private key and mnemonic phrases from ViaWallet? Where does it store my personal information? If it didn’t store my private key or mnemonic phrases, how can I give authorization without entering such information?
Confused by these doubts, some other users also start to wonder whether their private keys and mnemonic phrases are stored by decentralized wallets. Are decentralized wallets really decentralized?
The short answer is: yes, they are. Decentralized wallets do not save your private keys or mnemonic phrases on their server. Such information is encrypted and stored in the database of your smartphone. Without your authorization, the wallet cannot call your private keys or mnemonic phrases. Today, let’s explore where your mnemonic phrases and private keys are stored.
The sandbox mechanism in your phone
Before figuring out where private keys and mnemonic phrases are stored, we’ll first need to introduce the sandbox mechanism.
There are plenty of definitions of the sandbox mechanism. According to Wikipedia, the sandbox mechanism is:
To sum up, a sandbox restricts what applications can do by setting the permissions. With a sandbox,
Each application has its own storage space;
The data requested by each application needs to pass the permission test. If it fails to meet the relevant conditions, then the data will not be given to the application;
Applications cannot climb over the walls to access data stored elsewhere.
Here is how you can intuitively understand the sandbox mechanism: Your data is stored in a closed box, and no one may access the data without your permission.
This is how decentralized wallets “store” your mnemonic phrases and private keys. When a user creates or imports his wallet, the wallet will automatically encrypt the mnemonic phrases with the password he set and then write that into the corresponding sandbox file.
When the user needs to export the mnemonic phrases or use the private key, he’ll need to enter the password to decrypt the file, and the user would be able to carry on with the operation (export a wallet or authorize a transaction) with the private key only when the file is successfully decrypted.
Key security factors that users need to consider
The mnemonic phrases and private keys are encrypted and stored in the sandbox. Does that ensure perfect security? Normally, it does. In a normal system, even malicious applications are unable to invade other sandboxes.
However, if your phone has been rooted or jailbroken, then the bottom layer of the phone becomes wide open, and applications can freely access all the data it stores, including your private keys.
Therefore, you should avoid installing a crypto wallet on a jailbroken or rooted phone. If you did, never store a large amount of cryptocurrency in this wallet. In addition, when deep-cleaning your phone or uninstalling the wallet, please back up your mnemonic phrases because your private key would not be retrievable once the relevant data is lost.
A reminder from ViaWallet: Be sure to check for security when using crypto wallets because your assets are extremely important!