Why Tangem Wallet Does Not Need a Screen

By Andrey Lazutkin

In today’s crypto landscape, security matters more than ever. Tangem’s wallet app combines strong protection with a genuinely simple, user-friendly experience. What makes it different is its hardware-first approach: the cards themselves handle the most sensitive operations, even though they have no screen. In this article, I explain how we’ve designed the app’s security to match that standard.

Tangem's security-first philosophy

Tangem is dedicated to creating the most secure mobile wallet in the industry. Our approach to app security is based on globally recognized best practices from organizations like OWASP and follows the latest security and privacy guidelines published by Google and Apple.

We use advanced techniques and modern technologies to stay at the forefront of mobile security, offering users confidence and protection as they manage their digital assets.

Tangem uses cutting-edge embedded mobile security tools, including DexProtector by Licel, which is used by leading banking and payment applications. 

DexProtector is the first software protection tool approved by EMVCo for both Android and iOS. It is regularly evaluated to ensure that it can withstand the latest threats.

Five pillars of mobile app security

Tangem has a comprehensive set of security measures in place to protect user data and keep the app safe from potential threats. These measures are divided into five main categories:

1. Data protection and privacy

Your privacy matters—and Tangem is built to protect it from the ground up.

Data encryption

To prevent unauthorized access to sensitive information during application runtime, Tangem encrypts all data. This approach aligns with the recommendations of the OWASP MSTG (Mobile Security Testing Guide), minimizing the risk of automated attacks and unauthorized access to data.

Secure local storage

Tangem does not store sensitive data in plain text on the device. All local storage is encrypted and limited to the app's secure environment, making it inaccessible to other apps and resilient against tampering, even on rooted or jailbroken devices.

Sensitive data handling

When a user copies sensitive information like wallet addresses or security codes, Tangem ensures that this data is handled securely on both Android and iOS platforms. On Android, copied data is marked as private in the system, preventing other apps from accessing it in the background. 

On iOS, the app uses system-level protections and avoids unnecessary clipboard usage to minimize exposure. These safeguards help prevent potential leaks of sensitive information through the clipboard—a common but often overlooked attack vector.
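One way to implement the Android side of this, as an added example that is not Tangem's code: Android 13 lets an app flag a clip as sensitive through ClipDescription.EXTRA_IS_SENSITIVE, which keeps it out of the system clipboard preview, and the clip is cleared again after a delay (the one-minute timeout is an assumption).

```kotlin
import android.content.ClipData
import android.content.ClipDescription
import android.content.ClipboardManager
import android.content.Context
import android.os.Build
import android.os.Handler
import android.os.Looper
import android.os.PersistableBundle

// Copies a wallet address or similar secret to the clipboard, marks it as sensitive
// so the system does not preview it, and clears it after a short time.
object SensitiveClipboard {
    private const val CLEAR_AFTER_MS = 60_000L   // assumption: clear after one minute

    fun copy(context: Context, label: String, secret: String) {
        val clipboard = context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
        val clip = ClipData.newPlainText(label, secret)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // Android 13+: the system hides sensitive clips in its clipboard overlay/preview
            clip.description.extras = PersistableBundle().apply {
                putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true)
            }
        }
        clipboard.setPrimaryClip(clip)

        // Defence in depth: clear the clip later, but only if it is still the one we set
        Handler(Looper.getMainLooper()).postDelayed({
            if (clipboard.primaryClipDescription?.label?.toString() == label) {
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                    clipboard.clearPrimaryClip()
                } else {
                    clipboard.setPrimaryClip(ClipData.newPlainText("", ""))
                }
            }
        }, CLEAR_AFTER_MS)
    }
}
```

Since Android 10 only the focused app and the default keyboard can read the clipboard at all, so the flag mainly protects against on-screen previews and the IME; the delayed clear covers older devices.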

Log sanitization and network log refactoring

Our app logs are thoroughly sanitized to remove or hide sensitive information. We also carefully restructure our network logs to exclude confidential details, which significantly reduces the risk of information leaks.

2. Application and runtime integrity

We ensure that the app runs exactly as it should—untouched, unmodified, and secure from the inside out.

Integrity checks

The application includes built-in mechanisms that verify its code and content to detect any unauthorized changes. These checks ensure that the application is genuine and prevent the execution of potentially harmful or unauthorized versions. Integrity checks are a crucial part of Runtime Application Self-Protection (RASP) and are recommended by the OWASP MSTG as a key to maintaining application trust and security.

Anti-debugging and anti-emulation measures

The Tangem app has special mechanisms that detect whether it is running in debug mode or in an emulated environment. Attackers commonly use debugging tools and emulators to dynamically analyze app behavior, identify vulnerabilities, or reverse-engineer application logic. 

By detecting and preventing execution under these conditions, the app significantly reduces the risk of exploitation, runtime attacks, and unauthorized data extraction.

Root and jailbreak detection

The app continuously monitors for signs of rooting or jailbreaking and may limit or block access to sensitive operations on compromised devices. This helps ensure that critical functionality is executed only in secure, trusted environments.
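The three checks in this section (signing-certificate integrity, debugger and emulator detection, root indicators) as one added example, not Tangem's or DexProtector's implementation; the expected certificate hash is a placeholder and the emulator heuristics are assumptions. In-process checks like these can be hooked by anyone who already controls the process, which is why commercial RASP tooling wraps them in obfuscation and integrity protection; treat each result as a signal, not proof.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import android.os.Debug
import java.io.File
import java.security.MessageDigest

// Placeholder: hex SHA-256 of the release signing certificate this build was signed with
private const val EXPECTED_SIGNER_SHA256 = "<RELEASE-CERT-SHA256-HEX-PLACEHOLDER>"

// Each function returns a verdict; what the app does with it (degrade, block, log)
// is a policy decision made elsewhere.
object RuntimeGuards {

    // 1. Integrity: does the installed APK carry the signing certificate we shipped?
    fun signatureMatches(context: Context): Boolean {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) return false  // assumption: treat legacy as untrusted
        val info = context.packageManager.getPackageInfo(
            context.packageName, PackageManager.GET_SIGNING_CERTIFICATES
        )
        val signers = info.signingInfo?.apkContentsSigners ?: return false
        val sha256 = MessageDigest.getInstance("SHA-256")
        return signers.any { sig ->
            sha256.digest(sig.toByteArray()).joinToString("") { "%02x".format(it) }
                .equals(EXPECTED_SIGNER_SHA256, ignoreCase = true)
        }
    }

    // 2. Is a debugger attached to this process (or is the VM waiting for one)?
    fun debuggerAttached(): Boolean =
        Debug.isDebuggerConnected() || Debug.waitingForDebugger()

    // 3. Emulator heuristics: no single property is conclusive, so require two hits
    fun looksLikeEmulator(): Boolean = listOf(
        Build.FINGERPRINT.startsWith("generic"),
        Build.FINGERPRINT.contains("emulator", ignoreCase = true),
        Build.MODEL.contains("Emulator") || Build.MODEL.contains("Android SDK built for"),
        Build.HARDWARE == "goldfish" || Build.HARDWARE == "ranchu",
        Build.PRODUCT.contains("sdk")
    ).count { it } >= 2

    // 4. Root indicators: su binaries on well-known paths and test-key firmware builds
    fun looksRooted(): Boolean {
        val suPaths = listOf("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")
        return suPaths.any { File(it).exists() } || Build.TAGS?.contains("test-keys") == true
    }

    fun environmentTrusted(context: Context): Boolean =
        signatureMatches(context) && !debuggerAttached() && !looksLikeEmulator() && !looksRooted()
}
```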

3. Secure communication

All communications are encrypted and verified to prevent interception or tampering.

Certificate transparency

All network communications use Certificate Transparency to prevent the issuance and use of fraudulent certificates. This ensures secure connections and enhances trust.

By publicly logging certificates issued by Certificate Authorities (CAs), Certificate Transparency helps to mitigate man-in-the-middle attacks. Domain owners and third parties can quickly detect unauthorized certificates, minimizing the risk of compromise.

Network security and certificate pinning

All network traffic is transmitted over secure TLS connections (TLS 1.2 or higher). The app thoroughly verifies server identities to ensure communication only occurs with trusted servers. This helps reduce the risk of man-in-the-middle attacks and maintain a secure, trustworthy network.
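The TLS floor and server-identity pinning described above, as an added example using OkHttp rather than Tangem's own networking code; the host name and both pins are placeholders to be replaced with real values.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.ConnectionSpec
import okhttp3.OkHttpClient
import okhttp3.TlsVersion
import java.util.concurrent.TimeUnit

// Placeholders. Pins are base64 SHA-256 digests of the server's SubjectPublicKeyInfo,
// written in the "sha256/..." form OkHttp expects.
private const val API_HOST = "api.example.com"
private const val PIN_CURRENT = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="  // placeholder
private const val PIN_BACKUP  = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="  // placeholder

fun buildSecureClient(): OkHttpClient {
    // Refuse anything below TLS 1.2 and keep only OkHttp's modern cipher-suite set
    val tlsSpec = ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
        .tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2)
        .build()

    // Pin the server's public key. Always ship a backup pin for the next key so that a
    // scheduled certificate rotation cannot lock every installed app out of the API.
    val pinner = CertificatePinner.Builder()
        .add(API_HOST, PIN_CURRENT)
        .add(API_HOST, PIN_BACKUP)
        .build()

    return OkHttpClient.Builder()
        .connectionSpecs(listOf(tlsSpec))   // no CLEARTEXT spec, so http:// URLs fail fast
        .certificatePinner(pinner)
        .connectTimeout(10, TimeUnit.SECONDS)
        .build()
}
```

When a pin does not match, OkHttp's exception message lists the pins the server actually presented, which is the usual way to obtain them during development; the same floor and pins can also be declared in Android's network_security_config.xml so that they apply to every HTTP stack in the process.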

4. User interface and input security

We focus on securing user interactions, preventing UI-based attacks, and protecting sensitive input from interception or manipulation.

Cross-app scripting and WebView protection

Tangem helps prevent cross-app scripting attacks by verifying all interactions between apps, especially those within WebView components. These components are a common target for mobile app exploits.

The app restricts JavaScript execution, carefully manages SSL certificate validation, and ensures that content loaded into the WebView is securely sourced and sanitized. These measures help prevent a wide range of potential attacks, including cross-site scripting (XSS), JavaScript injection, and man-in-the-middle (MITM) exploits.

Tangem follows industry-recognized security practices outlined in OWASP MSTG and Google's Android WebView security guidelines.

Tapjacking protection

The app has robust mechanisms to detect and prevent tapjacking—a type of UI redress attack—where a malicious app overlays invisible or misleading UI elements on top of the legitimate app, tricking users into unintentionally executing actions.

Tangem actively checks for obscured views during user interaction to ensure that no invisible UI overlays can hijack user taps in sensitive parts of the application, such as security-critical actions. Tapjacking is a well-documented threat in the OWASP Mobile Top 10 and Android security best practices.
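An added example (not Tangem's code) of the obscured-view check for a security-critical button on Android: the framework drops touches when the view is fully covered, the override also rejects partially covered touches on Android 10+, and on Android 12+ the window can ask the system to hide third-party overlays entirely.

```kotlin
import android.content.Context
import android.os.Build
import android.util.AttributeSet
import android.view.MotionEvent
import android.view.Window
import androidx.appcompat.widget.AppCompatButton

// A button for security-critical actions (e.g. confirming a transaction) that refuses
// touches delivered while another window is drawn over it.
class ObscureAwareButton @JvmOverloads constructor(
    context: Context, attrs: AttributeSet? = null, defStyleAttr: Int = 0
) : AppCompatButton(context, attrs, defStyleAttr) {

    // Optional callback so the UI can tell the user why the tap was ignored
    var onObscuredTouch: (() -> Unit)? = null

    init {
        // Framework-level filter: events are dropped when a window fully covers this view
        filterTouchesWhenObscured = true
    }

    override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
        val fullyObscured = (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0
        // Partial overlays (Android 10+) are not caught by filterTouchesWhenObscured alone
        val partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
            (event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        if (fullyObscured || partiallyObscured) {
            onObscuredTouch?.invoke()
            return false   // swallow the event; no click is dispatched
        }
        return super.onFilterTouchEventForSecurity(event)
    }
}

// Window-wide protection on Android 12+: the system hides non-system overlay windows
// while this window is visible. Requires the normal permission
// android.permission.HIDE_OVERLAY_WINDOWS in the manifest; call from Activity.onCreate().
fun Window.hideOverlaysIfSupported() {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) setHideOverlayWindows(true)
}
```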

Secure input handling

Tangem takes a multi-layered approach to securing sensitive input fields in its app. It detects the use of custom keyboards when users enter sensitive data, helping protect them from keyloggers and unauthorized monitoring of their input. 

Additionally, system-level features like autocomplete, spell-checking, password saving, autocorrection, and predictive input are disabled for critical fields. These mechanisms, while convenient in everyday use, may inadvertently store or suggest sensitive information, creating a risk of unintentional data exposure.

Tangem also uses secure input field configurations that signal to the operating system that the content is private and must not be cached, logged, or exposed to accessibility services.
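The Android half of this, as an added example that is not Tangem's implementation: a field configuration that turns off suggestions, spell-checking, autofill and copy/paste for a secret, plus a check of whether the active keyboard comes from outside the system image. A third-party keyboard is not necessarily malicious, but it receives every keystroke, so the app can warn or fall back to an in-app PIN pad (that response is the app's choice, not shown here).

```kotlin
import android.content.Context
import android.content.pm.ApplicationInfo
import android.os.Build
import android.provider.Settings
import android.text.InputType
import android.view.View
import android.view.inputmethod.InputMethodManager
import android.widget.EditText

// Configures a field that receives secrets (access codes, recovery words) so the
// platform does not suggest, learn, autofill, or cache its contents.
fun EditText.hardenForSecrets() {
    // Password variation masks the text and keeps the IME from learning it;
    // NO_SUGGESTIONS also disables spell-check and predictive input
    inputType = InputType.TYPE_CLASS_TEXT or
        InputType.TYPE_TEXT_VARIATION_PASSWORD or
        InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
        // Keep autofill services, including third-party password managers, out of this field
        importantForAutofill = View.IMPORTANT_FOR_AUTOFILL_NO_EXCLUDE_DESCENDANTS
    }
    isLongClickable = false       // no copy/paste/share context menu
    setTextIsSelectable(false)
}

// Returns true when the currently selected keyboard is not part of the system image.
fun isThirdPartyKeyboardActive(context: Context): Boolean {
    val current = Settings.Secure.getString(
        context.contentResolver, Settings.Secure.DEFAULT_INPUT_METHOD
    ) ?: return false
    val imm = context.getSystemService(Context.INPUT_METHOD_SERVICE) as InputMethodManager
    // DEFAULT_INPUT_METHOD holds the IME id ("package/.Service"), which matches InputMethodInfo.id
    val active = imm.enabledInputMethodList.firstOrNull { it.id == current } ?: return false
    val appInfo = active.serviceInfo.applicationInfo
    val systemFlags = ApplicationInfo.FLAG_SYSTEM or ApplicationInfo.FLAG_UPDATED_SYSTEM_APP
    return (appInfo.flags and systemFlags) == 0
}
```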

Disabled screenshots and screen recording

Screenshots and screen recordings are prohibited in areas of the app where sensitive data, such as recovery phrases or private keys, is displayed. This helps prevent both intentional and accidental capture of confidential information, especially in environments where screen content could be recorded without user awareness. 

This measure also aligns with OWASP MSTG recommendations and is especially critical for applications that handle financial or cryptographic assets.


5. Architecture and operational security

Tangem’s backend architecture and operational workflows are designed to enforce strict security controls and maintain the integrity of the mobile app.

Session management and token protection

We take the security of authentication tokens and session identifiers very seriously, ensuring a safe and stable experience across both Android and iOS platforms. 

Tokens are stored using the platform's secure mechanisms and are never stored or transmitted in plain text. Sessions automatically expire after a specified period of inactivity, which helps reduce the risk of unauthorized access if a device is lost or compromised.
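Token storage with an inactivity timeout, as an added example that is not Tangem's implementation; it also covers the encrypted local storage point in section 1. It uses the AndroidX security-crypto library (EncryptedSharedPreferences with a Keystore-backed master key); the five-minute idle timeout and the injectable clock are assumptions.

```kotlin
import android.content.Context
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Keeps the session token encrypted at rest (the key never leaves the Android Keystore)
// and invalidates it after a period of inactivity.
class SessionStore(
    context: Context,
    private val clock: () -> Long = System::currentTimeMillis   // injectable for tests
) {
    private val prefs = run {
        val masterKey = MasterKey.Builder(context)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
            .build()
        EncryptedSharedPreferences.create(
            context, "session", masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
        )
    }

    fun save(token: String) = prefs.edit()
        .putString(KEY_TOKEN, token)
        .putLong(KEY_LAST_ACTIVE, clock())
        .apply()

    // Returns the token only while the session is live, and refreshes the idle timer.
    // An expired token is wiped rather than left behind for a later reader.
    fun tokenIfValid(): String? {
        val token = prefs.getString(KEY_TOKEN, null) ?: return null
        val idleFor = clock() - prefs.getLong(KEY_LAST_ACTIVE, 0L)
        if (idleFor > IDLE_TIMEOUT_MS) {
            clear()
            return null
        }
        prefs.edit().putLong(KEY_LAST_ACTIVE, clock()).apply()
        return token
    }

    fun clear() = prefs.edit().clear().apply()

    private companion object {
        const val KEY_TOKEN = "token"
        const val KEY_LAST_ACTIVE = "last_active"
        const val IDLE_TIMEOUT_MS = 5 * 60 * 1000L   // assumption: five minutes
    }
}
```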

Code review and audit process

Before being released, all code integrated into the Tangem mobile application goes through multiple layers of review. Critical components are explicitly marked and undergo additional peer review to ensure correctness, security, and stability.

In addition to pre-release controls, Tangem conducts regular internal audits to assess the integrity and security of the codebase. Automated tools are also used throughout the development lifecycle to maintain code quality and minimize the risk of vulnerabilities.

Minimized permissions

Tangem follows the principle of least privilege, requesting only the permissions that are absolutely necessary for the app to operate. This approach helps to reduce the attack surface and protect user data by preventing access to device features that are not crucial for the app's core functionality.

By minimizing permissions, Tangem also enhances transparency and trust. This aligns with both OWASP recommendations and platform-specific privacy guidelines from Google and Apple.


These thorough measures are designed to ensure the highest level of security and privacy for our users.

Why the "no screen is bad" narrative fails

By shifting key processes to the secure mobile app, Tangem’s hardware wallet doesn't need a display. The secure app handles all critical interactions and is protected by the robust security layers outlined above. This simplifies the user experience while keeping their digital assets safe.

Final thoughts

Tangem is setting new standards for crypto wallet security by combining advanced protection with thoughtful design. Every aspect of the app is built with user safety in mind, from encrypted storage to secure input handling and runtime protection.

For users who value security above all else but don't want to sacrifice convenience, Tangem provides peace of mind backed by industry-leading standards and ongoing innovation.

Author: Andrey Lazutkin, Chief Technology Officer at Tangem.

Reviewed by: Andrey Lazutkin, Chief Technology Officer at Tangem.