On Android, Monolith supports a range of Android devices at the operating system version level.
We also perform a number of security checks on devices in order to analyse whether our customers' private keys will be stored securely on the device.
These involve root detection, secure hardware detection and blacklisted devices. Let's go through them in order:
Root Detection
Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access).
Rooting can be exploited by malware in order to live undetected on a device. Whilst we can't determine with 100% certainty whether a customer's device has been rooted, when we think a device has likely been rooted we show a dismissible warning to our users.
Secure Hardware Detection
We rely on the Android operating system to let us know if a device has a hardware-backed keystore. In other words, whether the application can confidently rely on the device to secure the encryption keys at the hardware level - away from tampering by rogue apps.
When we don't think that a device meets these benchmarks, we show users a warning.
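One way an Android app can ask the operating system whether its keystore is hardware-backed, shown as an added example and not Monolith's own code. It generates a throwaway key in the Android Keystore and reads back where the OS says the key lives; the alias `hw_probe_key`, the function name and the choice of a P-256 signing key are assumptions made for illustration.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.spec.ECGenParameterSpec

// Hypothetical alias for a throwaway probe key (assumption, not a Monolith name).
private const val PROBE_ALIAS = "hw_probe_key"

/** Returns true only if the OS reports the probe key as held in secure hardware. */
fun isKeystoreHardwareBacked(): Boolean {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    return try {
        val spec = KeyGenParameterSpec.Builder(PROBE_ALIAS, KeyProperties.PURPOSE_SIGN)
            .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
            .setDigests(KeyProperties.DIGEST_SHA256)
            .build()
        val keyPair = KeyPairGenerator
            .getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
            .apply { initialize(spec) }
            .generateKeyPair()

        // KeyInfo describes where and how the key material is stored.
        val keyInfo = KeyFactory
            .getInstance(keyPair.private.algorithm, "AndroidKeyStore")
            .getKeySpec(keyPair.private, KeyInfo::class.java)

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            // API 31+: the OS reports an explicit security level.
            when (keyInfo.securityLevel) {
                KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT,
                KeyProperties.SECURITY_LEVEL_STRONGBOX,
                KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE -> true
                else -> false // SOFTWARE or UNKNOWN: not shown to be hardware-backed
            }
        } else {
            @Suppress("DEPRECATION")
            keyInfo.isInsideSecureHardware // API 23-30 equivalent
        }
    } catch (e: Exception) {
        false // fail closed: any keystore error counts as "not hardware-backed"
    } finally {
        runCatching { keyStore.deleteEntry(PROBE_ALIAS) } // never leave the probe key behind
    }
}
```

The result is what the device's own operating system reports, so it is only as trustworthy as that operating system.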
Blacklisted Devices
We maintain a list of Android devices that are not receiving active security patches from the Android project or their manufacturers. These are devices which are deemed to be more likely to be exploitable by malware.
We've put these measures in place to protect our customers and their funds. We constantly review the latest developments in the mobile key management space and strive to provide an experience which strikes the right balance between security and practicality.