App security

1. Security password

1) Overview

A security password is an advanced security feature in the SafePal App. On first opening the App, users need to create a new security password of at least 8 alphanumeric characters (letters and numbers). The original password is cancelled at the same time.

2) What's the purpose of a security password?

The security password is an advanced security feature for:

a. Prevention of acquaintance attacks

If somebody close to you (maybe a friend, colleague or passenger) steals your cellphone, re-pairs the App with his/her own S1 hardware wallet, and puts your cellphone back in its original place, you might later receive money without noticing that the App has been paired with another device.
In the new version with a security password, users need to enter the security password before pairing the App with an S1 hardware wallet.
Please note that the attack mentioned above is very rare, since someone who steals your cellphone would need to at least crack your cellphone lock first and own a SafePal S1 hardware wallet at the same time, all without you noticing that somebody has taken your cellphone away for a period.
As small as the odds of the attack might be, we decided to treat it seriously because security is never a small thing to SafePal.

b. Prevention of users setting the same code for the App and the S1 hardware wallet

The original password in the SafePal App (versions below 1.1.0) is a string of 6 digits, following the same rule as the PIN code on an S1 hardware wallet. During user research, we noticed that users tend to set the same code for both the App password and the hardware wallet PIN code. This is not really a security vulnerability, but it could create risk if a user accidentally discloses his/her regular password. Attackers could take advantage of this information and conduct a brute-force attack on the hardware wallet.
Compared with the original App password, the new security password is a string of at least 8 alphanumeric characters (numbers + letters), which prevents users from setting the same password as the PIN code on the hardware device in any way.

3) What's the difference between the security password and PIN code?

This is a good question. Please check the answer here:

2. Hidden Balance

The asset balance hiding feature is an advanced feature of the SafePal App. Users can choose to show or hide the asset balance by controlling the eye icon next to the balance.
This feature mainly protects user privacy and prevents potential risks caused by the leakage of a user's asset information.

How can the SafePal wallet prevent backdoor attacks?

Preventing backdoor attacks starts with user behaviour. The SafePal App can be downloaded from three official channels:
    Official website
    Google Play Store
    App Store
Please do NOT download it from any other unknown channels.
Secondly, the SafePal wallet uses multiple schemes to prevent possible backdoor attacks.
1. There is no backdoor in the SafePal App at all. This is to prevent any possible threats to the App.
2. The communication between the SafePal App and the SafePal S1 hardware wallet is encrypted. Only a SafePal S1 wallet and its paired SafePal App can decode the encrypted information and ‘read’ the data from it. Thus no third party can decode the data involved in the data transmission, protecting users’ privacy.
3. When a user tries to make a transfer, the transfer details (receiving address, amount, currency, etc.) are displayed clearly and completely at each step of the transfer operation, preventing malicious attempts to forge a transfer to the attacker's address.