
Why Tangem Wallet Does Not Need a Screen

No screen. No worries. Tangem delivers bank-level wallet app security in your pocket. Read this post to find out how.

Andrey Lazutkin

In today’s digital world, where managing crypto assets securely is more important than ever, Tangem stands out by offering a wallet app that’s both highly secure and user-friendly. 

A key part of Tangem’s strength lies in its unique approach to mobile application security—one that doesn't even require a screen on the hardware itself.

Let’s take a look at how we ensure top-notch security across our wallet app.
 

Tangem's security-first philosophy

Tangem is dedicated to creating the most secure mobile wallet in the industry. Our approach to app security is based on globally recognized best practices from organizations like OWASP and follows the latest security and privacy guidelines published by Google and Apple.

We use advanced techniques and modern technologies to ensure that we are at the forefront of mobile security, offering users confidence and protection when managing their digital assets.

Tangem uses cutting-edge embedded mobile security tools, including DexProtector by Licel, which is used by leading banking and payment applications.

DexProtector is the first software protection tool approved by EMVCo for both Android and iOS. It is regularly evaluated to ensure that it can withstand the latest threats.

Five pillars of mobile app security

Tangem has a comprehensive set of security measures in place to protect user data and keep the app safe from potential threats. These measures are divided into five main categories:
 

1. Data protection and privacy

Your privacy matters—and Tangem is built to protect it from the ground up.

Data encryption

To prevent unauthorized access to sensitive information during application runtime, Tangem encrypts all data. This approach aligns with the recommendations of the OWASP MSTG (Mobile Security Testing Guide), minimizing the risk of automated attacks and unauthorized access to data.

Secure local storage

Tangem does not store sensitive data in plain text on the device. All local storage is encrypted and limited to the app's secure environment, making it inaccessible to other apps and resilient against tampering, even on rooted or jailbroken devices.

Sensitive data handling

When a user copies sensitive information like wallet addresses or security codes, Tangem ensures that this data is handled securely on both Android and iOS platforms. On Android, copied data is marked as private in the system, preventing other apps from accessing it in the background. 

On iOS, the app uses system-level protections and avoids unnecessary clipboard usage to minimize exposure. These safeguards help prevent potential leaks of sensitive information through the clipboard—a common but often overlooked attack vector.
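One way to mark copied data as sensitive on Android, as an added example that is not Tangem's own code. The helper name `copySensitive` and the timed clearing are assumptions that go beyond what the post describes, and the snippet assumes minSdk 24 or higher for `ClipDescription.setExtras`.

```kotlin
import android.content.ClipData
import android.content.ClipDescription
import android.content.ClipboardManager
import android.content.Context
import android.os.Build
import android.os.Handler
import android.os.Looper
import android.os.PersistableBundle

// Hypothetical helper: copy a value and flag it as sensitive for the system UI.
fun copySensitive(context: Context, label: String, value: String, clearAfterMs: Long = 60_000L) {
    val clipboard = context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
    val clip = ClipData.newPlainText(label, value)

    // API 33+ exposes the constant; Android documents the literal key for
    // apps that compile against an older SDK. The flag hides the value in
    // the clipboard preview that Android 13+ shows after a copy.
    val key = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
        ClipDescription.EXTRA_IS_SENSITIVE
    } else {
        "android.content.extra.IS_SENSITIVE"
    }
    clip.description.extras = PersistableBundle().apply { putBoolean(key, true) }
    clipboard.setPrimaryClip(clip)

    // Optional extra measure: shorten the exposure window. This clears
    // whatever is on the clipboard at that moment, including later copies.
    Handler(Looper.getMainLooper()).postDelayed({
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            clipboard.clearPrimaryClip()
        } else {
            clipboard.setPrimaryClip(ClipData.newPlainText("", ""))
        }
    }, clearAfterMs)
}
```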

Log sanitization and network log refactoring

Our app logs are thoroughly sanitized to remove or hide sensitive information. We also carefully restructure our network logs to exclude confidential details, which significantly reduces the risk of information leaks.
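A sketch of log sanitization for the kinds of secrets this post names (tokens, session identifiers, private keys, recovery phrases), as an added example that is not Tangem's own code. The field names, patterns and sample lines are constructed assumptions.

```kotlin
// Illustrative redaction rules; a real app would tune these to its own log formats.
private val REDACTION_RULES: List<Pair<Regex, String>> = listOf(
    // HTTP Authorization header values, with or without a "Bearer" scheme.
    Regex("""(?i)(authorization\s*[:=]\s*)(?:bearer\s+)?[A-Za-z0-9._~+/=-]+""") to
        "$1[REDACTED]",
    // JSON or query fields whose name suggests a secret; quoted values are consumed whole.
    Regex("""(?i)("?(?:token|session_?id|access_?code|mnemonic|seed|private_?key)"?\s*[:=]\s*)("[^"]*"|[^\s"&,}]+)""") to
        "$1[REDACTED]",
    // Bare 256-bit hex strings: private keys and hashes look alike, so redact both.
    Regex("""\b(?:0x)?[0-9a-fA-F]{64}\b""") to "[REDACTED_HEX]",
    // Heuristic: 12 to 24 short lowercase words in a row resembles a recovery phrase.
    // It can over-redact ordinary prose, which is the safer failure mode for logs.
    Regex("""\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b""") to "[REDACTED_PHRASE]",
)

// Apply every rule in order; call this before a line reaches any log sink.
fun sanitize(line: String): String =
    REDACTION_RULES.fold(line) { acc, (pattern, replacement) ->
        pattern.replace(acc, replacement)
    }

fun main() {
    // Constructed sample log lines, not real data.
    val samples = listOf(
        "GET /v1/rates Authorization: Bearer abc123.def456.ghi789",
        """POST /v1/session {"session_id":"s-42","currency":"usd"}""",
        "signing with key 0x" + "ab".repeat(32),
        "user typed: " + List(12) { "lorem" }.joinToString(" "),
    )
    samples.forEach { println(sanitize(it)) }
}
```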
 

2. Application and runtime integrity

We ensure that the app runs exactly as it should—untouched, unmodified, and secure from the inside out.

Integrity checks

The application includes built-in mechanisms that verify its code and content to detect any unauthorized changes. These checks ensure that the application is genuine and prevent the execution of potentially harmful or unauthorized versions. Integrity checks are a crucial part of Runtime Application Self-Protection (RASP) and are recommended by the OWASP MSTG as a key to maintaining application trust and security.

Anti-debugging and anti-emulation measures

The Tangem app has special mechanisms that can detect if it is running in debugging mode or in an emulated environment. Attackers commonly use debugging tools and emulators to analyze app behavior dynamically, identify vulnerabilities, or reverse-engineer the application logic. 

By detecting and preventing execution under these conditions, the app significantly reduces the risk of exploitation, runtime attacks, and unauthorized data extraction.

Root and jailbreak detection

The app continuously monitors for signs of rooting or jailbreaking and may limit or block access to sensitive operations on compromised devices. This helps ensure that critical functionality is only executed in secure and trusted environments.
 

3. Secure communication

All communications are encrypted and verified to prevent interception or tampering.

Certificate transparency

All network communications use Certificate Transparency to prevent the issuance and use of fraudulent certificates. This ensures secure connections and enhances trust.

By publicly logging certificates issued by Certificate Authorities (CAs), Certificate Transparency helps to mitigate man-in-the-middle attacks. Domain owners and third parties can quickly detect unauthorized certificates, minimizing the risk of compromise.

Network security and certificate pinning

All network traffic is transmitted over secure TLS connections (TLS 1.2 or higher). The app thoroughly verifies server identities to ensure communication only occurs with trusted servers. This helps to reduce the risk of man-in-the-middle attacks and maintain a secure and trustworthy network.
 

4. User interface and input security

We focus on securing user interactions, preventing UI-based attacks, and protecting sensitive input from interception or manipulation.

Cross-app scripting and WebView protection

Tangem helps prevent cross-app scripting attacks by verifying all interactions between apps, especially those within WebView components. These components are a common target for mobile app exploits.

The app restricts JavaScript execution, carefully manages SSL certificate validation, and ensures that content loaded into the WebView is securely sourced and sanitized. These measures help prevent a wide range of potential attacks, including cross-site scripting (XSS), JavaScript injection, and man-in-the-middle (MITM) exploits.

Tangem follows industry-recognized security practices outlined in OWASP MSTG and Google's Android WebView security guidelines.
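The WebView controls listed above (restricted JavaScript, strict SSL handling, trusted content sources), shown as an added example that is not Tangem's own code. The function name `hardenWebView` and the host allowlist are hypothetical placeholders.

```kotlin
import android.net.http.SslError
import android.webkit.SslErrorHandler
import android.webkit.WebResourceRequest
import android.webkit.WebSettings
import android.webkit.WebView
import android.webkit.WebViewClient

// Placeholder allowlist; replace with the hosts the app actually needs.
private val ALLOWED_HOSTS = setOf("example.com")

// Hypothetical helper: apply a restrictive baseline to a WebView.
fun hardenWebView(webView: WebView) {
    webView.settings.apply {
        javaScriptEnabled = false          // enable only for pages that require it
        allowFileAccess = false            // no file:// loads
        allowContentAccess = false         // no content:// loads
        mixedContentMode = WebSettings.MIXED_CONTENT_NEVER_ALLOW
    }

    webView.webViewClient = object : WebViewClient() {
        // Called for navigations after the initial load; returning true
        // stops the WebView from loading the URL.
        override fun shouldOverrideUrlLoading(
            view: WebView,
            request: WebResourceRequest,
        ): Boolean {
            val host = request.url.host ?: return true
            val trusted = request.url.scheme == "https" && host in ALLOWED_HOSTS
            return !trusted
        }

        // Never call handler.proceed(): a certificate error aborts the load.
        override fun onReceivedSslError(
            view: WebView,
            handler: SslErrorHandler,
            error: SslError,
        ) {
            handler.cancel()
        }
    }
}
```

`shouldOverrideUrlLoading` is not invoked for the URL passed to `loadUrl`, so the initial URL needs the same allowlist check before loading.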

Tapjacking protection

The app has robust mechanisms to detect and prevent tapjacking—a type of UI redress attack—where a malicious app overlays invisible or misleading UI elements on top of the legitimate app, tricking users into unintentionally executing actions.

Tangem actively checks for obscured views during user interaction to make sure that no invisible UI overlays can hijack user taps in sensitive parts of the application, such as screens that trigger security-critical actions. Tapjacking is a well-documented threat in the OWASP Mobile Top 10 and Android security best practices.
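The obscured-view check described above can be built on Android's touch filtering, shown here as an added example that is not Tangem's own code. The class name `ObscuredAwareButton` is hypothetical.

```kotlin
import android.content.Context
import android.os.Build
import android.util.AttributeSet
import android.view.MotionEvent
import android.widget.Button

// Hypothetical view: a button that ignores taps while another window
// covers any part of the app's window.
class ObscuredAwareButton @JvmOverloads constructor(
    context: Context,
    attrs: AttributeSet? = null,
) : Button(context, attrs) {

    init {
        // Framework filter: drops touches flagged FLAG_WINDOW_IS_OBSCURED.
        filterTouchesWhenObscured = true
    }

    override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
        var mask = MotionEvent.FLAG_WINDOW_IS_OBSCURED
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            // API 29+: also reject touches when an overlay covers the window
            // somewhere other than the touch location.
            mask = mask or MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED
        }
        if ((event.flags and mask) != 0) {
            return false // discard the event; the click listener never fires
        }
        return super.onFilterTouchEventForSecurity(event)
    }
}
```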

Secure input handling

Tangem takes a multi-layered approach to securing sensitive input fields in its app. It detects the use of custom keyboards when users enter sensitive data, helping to protect them from keyloggers and unauthorized input monitoring. 

Additionally, system-level features like autocomplete, spell-checking, password saving, autocorrection, and predictive input are disabled for critical fields. These mechanisms, while convenient in everyday use, may inadvertently store or suggest sensitive information, creating a risk of unintentional data exposure.

Tangem also uses secure input field configurations that signal to the operating system that the content is private and must not be cached, logged, or exposed to accessibility services.

Disabled screenshots and screen recording

Screenshots and screen recordings are prohibited in areas of the app where sensitive data, such as recovery phrases or private keys, is displayed. This helps prevent both intentional and accidental capture of confidential information, especially in environments where screen content could be recorded without user awareness. 

This measure also aligns with OWASP MSTG recommendations and is especially critical in applications handling financial or cryptographic assets.
 

5. Architecture and operational security

Tangem’s backend architecture and operational workflows are designed to enforce strict security controls and maintain the integrity of the mobile app.

Session management and token protection

We take the security of authentication tokens and session identifiers very seriously, ensuring a safe and stable experience across both Android and iOS platforms. 

Tokens are stored using secure storage mechanisms provided by the platforms and are never stored or transmitted in plain text. Sessions automatically expire after a specified period of inactivity, which helps reduce the risk of unauthorized access if a device is lost or compromised.

Code review and audit process

Before being released, all code integrated into the Tangem mobile application goes through multiple layers of review. Critical components are explicitly marked and undergo additional peer review to ensure correctness, security, and stability.

In addition to pre-release controls, Tangem conducts regular internal audits to assess the integrity and security of the codebase. Automated tools are also used throughout the development lifecycle to maintain code quality and minimize the risk of vulnerabilities.

Minimized permissions

Tangem follows the principle of least privilege, requesting only the permissions that are absolutely necessary for the app to operate. This approach helps to reduce the attack surface and protect user data by preventing access to device features that are not crucial for the app's core functionality.

By minimizing permissions, Tangem also enhances transparency and trust. This aligns with both OWASP recommendations and platform-specific privacy guidelines from Google and Apple.


These thorough measures are designed to ensure the highest level of security and privacy for our users.

Why "no screen"?

By shifting key processes to the secure mobile app, Tangem’s hardware wallet doesn't need a display. The secure app handles all critical interactions and is protected by the robust security layers outlined above. This simplifies the user experience while keeping their digital assets safe.

Final thoughts

Tangem is setting new standards for crypto wallet security by combining advanced protection with thoughtful design. Every aspect of the app is built with user safety in mind, from encrypted storage to secure input handling and runtime protection.

For users who value security above all else but don't want to sacrifice convenience, Tangem provides peace of mind backed by industry-leading standards and ongoing innovation.

 

FAQ: Tangem Wallet app security

How does Tangem secure the Tangem mobile app?

Tangem’s mobile app handles all critical interactions and is built with layered security measures—including encryption, secure input handling, and real-time threat detection—making a hardware screen unnecessary. The result is a simpler and more secure user experience.

What kind of data does Tangem encrypt?

Tangem encrypts all sensitive data, including wallet information and session tokens, to protect it from unauthorized access during app runtime and local storage. No plain-text data is ever stored on your device.

Is my information safe if my phone is lost or compromised?

Yes. Tangem detects rooted or jailbroken devices and limits access to sensitive operations. Additionally, sessions automatically expire after inactivity, and all tokens are securely stored using platform-specific secure storage.

How does Tangem protect against clipboard attacks?

On Android, Tangem marks copied data as private so other apps can’t access it in the background. On iOS, it avoids unnecessary clipboard use altogether, helping prevent leaks through one of the most common mobile attack vectors.

Can hackers modify or tamper with the Tangem app?

Tangem includes app integrity checks to detect unauthorized modifications. The app will not run if it has been tampered with, ensuring that only official, unaltered versions can operate.

What protections are in place during communication with servers?

All network communication is protected by TLS (1.2 or higher) and uses certificate pinning and transparency to prevent man-in-the-middle (MITM) attacks or fake certificates.

Does Tangem allow screenshots or screen recordings?

No. In areas of the app where sensitive data is displayed—such as recovery phrases or private keys—screenshots and screen recordings are completely disabled to prevent accidental or malicious data capture.

How does Tangem prevent keylogging or unauthorized input tracking?

Tangem disables autocomplete, spellcheck, and predictive input in sensitive fields. It also detects when a custom keyboard is in use, protecting against keyloggers and data interception.

What is tapjacking, and how does Tangem prevent it?

Tapjacking is a type of attack where invisible overlays trick users into tapping on things they didn’t intend to. Tangem detects obscured UI elements and blocks actions in sensitive parts of the app to stop this type of threat.

What permissions does the Tangem app require?

Tangem follows the principle of least privilege—meaning it only requests the permissions necessary to perform core wallet functions. This limits exposure and enhances privacy and transparency.

Author: Andrey Lazutkin

Andrey is the Chief Technology Officer at Tangem and an expert in hardware wallet security and cryptography.