The Uniswap mobile wallet is a self-custodial wallet that is simple, safe, and easy to use. Now that it's out, we wanted to give you a behind-the-scenes look at our design principles, why we open sourced it, and how we think about security and privacy.
We open sourced the Uniswap mobile wallet for a few reasons:
- Open Source is User Aligned: Users have a right to choose the product that is best for them. Instead of trusting our claims about security, privacy, and data retention, users should be able to validate these claims by directly viewing the source code. Open source products allow users to evaluate their options to the greatest extent possible.
- Open Source Builds Trust: The Uniswap mobile wallet has been audited by multiple parties, including Trail of Bits. These security reviews build trust in the safety of our products. Open sourcing takes this one step further. By exposing our codebase to the public forum, security researchers can further vet our wallet.
- Open Source is Collaborative: When we started building the wallet, there weren't many open sourced wallets to learn from. By publishing our code, the Uniswap mobile wallet becomes a reference for other builders.
We've open sourced the entire wallet, including code that touches private keys, seed phrases, and on-chain data. You can inspect our repo, but some noteworthy code includes key management, iCloud backup, arbitrary transaction signing using WalletConnect, token swaps on multiple chains, viewing NFTs, and various UI components.
We had two goals that informed the mobile wallet design principles:
- Protect the user's wallet from being drained by securely storing and accessing the seed phrase
- Protect the user from losing wallet access with backup options
Apple built the iOS Keychain as a SQLite database that securely stores secrets, like passwords, certificates, and private keys. Some unique properties of the Keychain include:
- Items are encrypted using two AES-256-GCM keys: A table key and per-row key
- Items never leave your device
- Items cannot be shared between applications
- Items do not sync to the iCloud keychain
Keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor.
Decrypting data within the Keychain requires a round trip through the Secure Enclave adding an extra layer of security. If the iOS keychain or application processor is compromised, Uniswap mobile wallet keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor. iOS Keychain and Secure Enclave are Apple implementations and are not specific to our wallet.
The Uniswap mobile wallet accesses seed phrases and private keys to
- Display the seed phrase on-screen
- Create signatures
To display items on-screen, we use a native UI component written in Swift to fetch and display the seed phrase from the secure iOS Keychain.
The flow for creating signatures is more extensive. When the wallet has a message or transaction to sign, it is sent from React Native to Swift. The wallet's private key is securely fetched from the iOS keychain, and the
To further protect these sensitive user flows, you can enable biometric authentication via Face ID or Touch ID. Whenever you attempt to view your seed phrase or sign a transaction, you will be prompted to complete biometric authentication.
We compiled the
ethers-rs library written in Rust to an iOS-compatible version in C++,
All self-custodial wallets come with manual backups, encouraging users to write down their seed phrase for later recovery. But if a user loses their phone without a manual backup, they will lose access to their wallet. That’s why the Uniswap mobile wallet offers two recovery methods:
- Manual seed phrase
- iCloud backup
Users can manually back up their seed phrase by viewing it during the onboarding flow or by revealing it in-app after passing an authentication check. They are encouraged to physically write it down. We strongly recommend Face ID as the strongest authentication treatment.
iCloud recovery is optional but highly recommended for those new to crypto. When a user chooses the iCloud backup, we require a user password to encrypt the seed phrase before storing it in iCloud. This way, even if a user's iCloud account is compromised their wallet is still protected.
To restore a wallet from iCloud backup, users must be logged into their iCloud account and enter the password they used to encrypt their seed phrase.
This additional encryption mechanic maximizes security while still supporting an intuitive and familiar backup experience.
Uniswap Labs does not keep any information that allows us to identify individuals. We do not store first name, last name, street address, date of birth, email address, or IP address in any of our products, including our mobile wallet.
Anything we keep is confined to on-chain data and very limited off-chain data like device type and browser version, which allows us to troubleshoot errors and improve products for our users. None of this data is identifiable.
The Uniswap mobile wallet uses APIs like Infura, OpenSea, Covalent, TRM, and more. Many of these APIs help us serve data to the user, like token prices, NFT data, and on-chain activity. Most requests sent to these APIs are proxied through a Uniswap Labs server that removes and deletes IP addresses. A handful of API calls sent to Infura are direct, which includes IP. We are actively working to obfuscate non-proxied API calls.
As of this blog post, the Uniswap mobile wallet is waiting for App Store approval. In the meantime, we have released the mobile wallet on TestFlight. We'll periodically release access links on Twitter, so please watch our feed. You can also learn more about the wallet features in our announcement post and dive into the wallet repo.
If you have any questions or feedback, please join Discord and ask!
Update (April 13th, 2023): The Uniswap mobile wallet GA release was cut. Download it from the App Store.