Server Side SDK
The App must securely create and store user passphrase prefix. The user passphrase prefix must not be deleted until the user is active.
Minimum length of
passPhrasePrefixshould be 30.
Please use special care while generating passphrasePrefix. It should not be deterministic (w.r.t. user information or time). We recommend using BIP-39 libraries.
Android Wallet SDK
Managing Passphrase Prefix:
- The App must get user passphrase prefix from their servers only when needed.
- The App should not cache or store the user passphrase prefix on the device.
Managing User Pin:
- The App must never store/cache user pin in any form (not even in encrypted form).
Read the android app security checklist.
iOS Wallet SDK
Applications should enable general data protection on the app's provisioning profile, and then setting the
Sharing and Permissions to Complete Protection, which will enable app-wide file system protection.
Read the official iOS security guide.