How Account Abstraction is Redefining Mobile Wallet Security

Stefan
The Ambire Wallet Blog
5 min read · Jun 15, 2023

There are no two ways about it: security is paramount when it comes to crypto wallets. When choosing where to store and manage your assets, it’s important to look at ease of use, available functionality and so on, but how secure the wallet is matters just as much, if not more. Luckily for Ethereum users, there have been many positive developments recently that improve not just usability but also protection. In this blog post, we will look in more detail at how mobile smart contract wallet security is shifting, largely thanks to Account Abstraction efforts.

Before we begin, let’s make one thing clear: Account Abstraction brings improvements across the board, not just on mobile devices. However, the difference on mobile is even more noticeable as there are many things that would have been impossible to do with a non-smart contract wallet.

Now is the time to dig deeper into the security features of mobile smart contract crypto wallets.

Email or Social Login & Recovery

Smart contract wallets eliminate the need for a seed phrase and allow you to register with simply an email address. This, of course, is also the case for mobile smart crypto wallets!

Email login and recovery have two major benefits. First, if you forget your password, you can easily recover the account and do not lose your funds. Second, this registration and login method is already familiar to almost everyone and bridges the gap between Web2 and Web3, helping us on the mission toward mass adoption!

At Ambire Wallet, for example, the email/passphrase login feature is essentially a 2-of-2 multi-sig wallet, with the two keys generated on sign-up. One key is generated on the user side and the other on the Ambire backend. Both keys need to sign a transaction, and we also perform further security checks: for example, we check whether the transaction is to a known contract/address and whether it’s over a configurable daily limit, and can even enforce 2FA through OTP or email.
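To make the backend checks in the 2-of-2 setup above concrete, here is an added sketch of a co-signer policy; it is not Ambire's code. The function names, the rolling 24-hour window and the rule that a failed check escalates to 2FA rather than rejecting outright are assumptions of this example.

```javascript
// Added illustration, not Ambire code: policy for the backend key of a 2-of-2 account.
// Names, limits and the "escalate to 2FA" rule are assumptions of this example.
const DAY_MS = 24 * 60 * 60 * 1000;

function createCosigner({ knownAddresses, dailyLimitWei }) {
  const known = new Set(knownAddresses.map((a) => a.toLowerCase()));
  const spent = []; // { at, valueWei } for every transaction co-signed so far

  // Total value co-signed in the 24 hours before `now`.
  function spentInWindow(now) {
    return spent
      .filter((e) => now - e.at < DAY_MS)
      .reduce((sum, e) => sum + e.valueWei, 0n);
  }

  // The user key has already signed. Without the backend signature the
  // 2-of-2 account rejects the transaction, so a refusal here blocks it.
  function review(tx, { now, secondFactorOk = false }) {
    const reasons = [];
    if (!known.has(tx.to.toLowerCase())) reasons.push("unknown-destination");
    if (spentInWindow(now) + tx.valueWei > dailyLimitWei) {
      reasons.push("over-daily-limit");
    }

    // Any failed check withholds the signature until OTP/email 2FA succeeds.
    if (reasons.length > 0 && !secondFactorOk) {
      return { cosign: false, require2fa: true, reasons };
    }

    // Record only what was actually co-signed, so refusals do not eat the limit.
    spent.push({ at: now, valueWei: tx.valueWei });
    return { cosign: true, require2fa: false, reasons };
  }

  return { review };
}
```

The returned `reasons` stay populated even when 2FA clears the transaction, which gives the backend an audit trail of every override.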

An example of a different method of registration and recovery is the so-called Social Recovery, used by smart contract wallets like Argent. In their case, the smart contract deployed to represent your wallet has only a single key, but you can nominate ‘guardians’ for an additional layer of protection. These guardians can be either other Web3 wallets (hardware or software) or other people you trust.

Limited token approvals and batched revoking

Smart contract wallets remove the need to grant infinite approvals. With them, the approval is batched with the actual transaction, which means that users only give a limited approval for the amount they need. This way, users do not expose the full asset amount they hold and avoid the risk of upgradable smart contracts. Furthermore, if you do need to revoke approvals, you can batch multiple transactions into one and revoke them all at the same time.
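The following added example, which is not taken from any wallet's code base, shows what such batches look like at the calldata level: an ERC-20 `approve` for the exact amount placed ahead of the action, a batch that zeroes several allowances at once, and a pre-signing check that flags unlimited approvals. The `[to, value, data]` call layout, the helper names and all addresses are assumptions of this example.

```javascript
// Added illustration, not wallet code. The [to, value, data] call layout and
// all addresses are constructed for this example.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = 2n ** 256n - 1n; // the "infinite approval" value

const word = (hex) => hex.padStart(64, "0"); // left-pad to one 32-byte ABI word

function encodeApprove(spender, amount) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(spender)) throw new Error("bad spender address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of uint256 range");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) + word(amount.toString(16));
}

// One batch: approve exactly what the action spends, then perform the action.
function limitedApprovalBatch({ token, spender, amount, actionData }) {
  return [
    [token, 0n, encodeApprove(spender, amount)],
    [spender, 0n, actionData],
  ];
}

// One batch that zeroes every non-zero allowance in a single transaction.
function revokeBatch(allowances) {
  return allowances
    .filter((a) => a.allowance > 0n)
    .map((a) => [a.token, 0n, encodeApprove(a.spender, 0n)]);
}

// Review step before signing: list approve() calls that grant the maximum amount.
function findUnlimitedApprovals(batch) {
  return batch.filter(([, , data]) => {
    const hex = data.slice(2).toLowerCase();
    if (hex.length !== 136 || !hex.startsWith(APPROVE_SELECTOR)) return false;
    return BigInt("0x" + hex.slice(72)) === MAX_UINT256;
  });
}
```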

Ability to add or remove signer keys

Another benefit of Account Abstraction is the ability to add or remove signers to a mobile wallet — this means you get to authorize who/what can sign transactions. For example, if your email becomes compromised, you can easily add a hardware wallet to Ambire Wallet as a signer key and use that to sign transactions or confirm actions, or you can remove the compromised email address and replace it.

Further authentication methods

There are more security features that mobile smart contract wallets can benefit from. To name just a few: users can take advantage of biometric authentication for login. Biometrics are known to improve mobile security in several ways. Firstly, it’s just so simple! It also makes it harder for hackers to access the device because the data is only stored locally. Additionally, biometric methods can include fingerprint, face, signature, voice, and iris recognition: these are all unique to each individual, which makes them very difficult to replicate.

Advances in technology have made using hardware wallets with mobile devices possible too. For example, if you have a Ledger Nano X, you can add a new hardware wallet signer in the Ambire Wallet mobile app. Then you can use the hardware wallet to sign transactions for even more security!

Conclusion

Mobile crypto wallets, especially smart contract wallets like Ambire, (Gnosis) Safe and Argent, are nowadays just as secure as web-based wallets or browser extensions. They even have the added benefit of biometric authentication which may not be available to their browser counterparts. The wallet landscape is slowly changing, and the more efforts we see towards adopting Account Abstraction, enhancing already available features and developing new ones, the more we will notice the shift to mobile.

Of course, be aware that no single layer of security is 100% foolproof so we always recommend adding as many layers as possible in order to keep your crypto assets safe.

Become an Ambire Wallet Mobile App Early Tester

We recently announced that the Ambire Wallet Mobile Apps for iOS and Android are coming soon. You now have a chance to become an early tester and get exclusive access to the app during its private beta: join our Ambire Community on Discord to register your interest, or leave us your email address to be the first to know when they drop.
