Monolith supports a range of Android devices running Android 9 or any newer version.
We also perform a number of security checks on devices in order to assess whether our customers' private keys will be stored securely on the device.
These checks cover root detection, secure hardware detection and a blacklist of devices. Let's go through them in order:
Root Detection
Rooting is the process of enabling users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (also known as root access).
Rooting can be exploited by malware, meaning that malicious software can potentially gain access to a device and remain on it without being detected. Whilst we can't determine with 100% certainty if a customer's device has been rooted, we'll always send our users a warning if we think it might have been.
Secure Hardware Detection
We rely on the Android operating system to let us know if a device has a hardware-backed keystore. In other words, it tells us whether the application can confidently rely on the device to secure the encryption keys at the hardware level, away from tampering by rogue apps.
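As an added illustration (not Monolith's own code), this is one way an app can ask Android whether its keys are hardware-backed: generate a throwaway key in the Android Keystore and read its `KeyInfo`. The names `PROBE_ALIAS`, `KeyProtection` and `probeKeyProtection` are hypothetical, and the use of `KeyInfo` is an assumption about how such a check is done.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.KeyStore

// Hypothetical names for this example: PROBE_ALIAS, KeyProtection, probeKeyProtection.
private const val PROBE_ALIAS = "hw_keystore_probe"

enum class KeyProtection { HARDWARE_BACKED, SOFTWARE_ONLY, UNKNOWN }

@Suppress("DEPRECATION") // isInsideSecureHardware is deprecated from API 31
fun probeKeyProtection(): KeyProtection = try {
    // Generate a throwaway EC signing key inside the Android Keystore.
    val spec = KeyGenParameterSpec.Builder(PROBE_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .build()
    val privateKey = KeyPairGenerator
        .getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
        .private

    // Ask the keystore where that key material actually lives.
    val info = KeyFactory.getInstance(privateKey.algorithm, "AndroidKeyStore")
        .getKeySpec(privateKey, KeyInfo::class.java)
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
        when (info.securityLevel) {
            KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT,
            KeyProperties.SECURITY_LEVEL_STRONGBOX,
            KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE -> KeyProtection.HARDWARE_BACKED
            KeyProperties.SECURITY_LEVEL_SOFTWARE -> KeyProtection.SOFTWARE_ONLY
            else -> KeyProtection.UNKNOWN
        }
    } else {
        // Android 9 to 11: only a boolean answer is available.
        if (info.isInsideSecureHardware) KeyProtection.HARDWARE_BACKED
        else KeyProtection.SOFTWARE_ONLY
    }
} catch (e: Exception) {
    // Key generation or lookup failed: treat as unverified, never as secure.
    KeyProtection.UNKNOWN
} finally {
    // Remove the probe key so it does not linger in the keystore.
    runCatching { KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(PROBE_ALIAS) }
}
```

The result is the operating system's own report, so on a device whose OS has been tampered with it can be wrong; a key attestation certificate chain verified off the device gives a stronger answer.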
When we don't think that a device meets these benchmarks, we send our users the following warning:
Blacklisted devices
We maintain a list of Android devices that have not received active security patches from Android or their manufacturers. These devices are deemed to be more likely to be exploitable by malware.
We've put these measures in place to protect our customers and their funds. We constantly review the latest developments in the mobile key management space and strive to provide an experience which strikes the right balance between security and practicality.