Security and Privacy
Device security
Polkadot Vault is built to be used offline. The mobile device used to run the app will hold important information that needs to be kept securely stored. It is therefore advised to:
- Get a separate mobile device.
- Perform a factory reset.
- Enable full-disk encryption on the device, with a reasonable password (might not be on by default, for example for older Android devices).
- Do not use any kind of biometrics such as fingerprint or face recognition for device decryption/unlocking, as those may be less secure than regular passwords.
- Once the app has been installed, enable airplane mode and make sure to switch off Wi-Fi, Bluetooth, and any other connection ability of the device.
- Only charge the phone on a power outlet that is never connected to the internet. Only charge the phone with the manufacturer's charging adapter. Do not charge the phone on public USB chargers.
How to get it and use it?
Install the app
The app is available in beta for Android and iOS:
Please carefully double-check the origin of the app, and make sure that the company distributing it is Parity Technologies. The usual security advice applies to this air-gapped wallet:
- When creating an account using Polkadot Vault Mobile app, make sure to write down the recovery phrase and store it in safe places.
- Always double check the information of the transactions you are about to sign or send.
- Make sure to first transfer a small amount of Ether with the app and verify that everything is working as expected before transferring larger amounts of Ether.
How to update Polkadot Vault securely
Once Polkadot Vault is installed, your device should never go online, as this would put your private keys at risk. To update, you will need to:
- Make sure you possess the recovery phrase for each of your accounts. You can find it on Polkadot Vault by:
  - v4.0: choosing an identity > click the user icon at the top right > “Show Recovery Phrase”
  - v2.2: tapping an account > 3 dots menu at the top right > “Backup Recovery Phrase”
  - v2.0: tapping an account > tap on the account address > “Backup Recovery Phrase”
- Factory reset the device.
- Enable full-disk encryption on the device and set a strong password (might not be on by default, for example for older Android devices).
- Do not use any kind of biometrics such as fingerprint or face recognition for device decryption/unlocking, as those may be less secure than regular passwords.
- Install Polkadot Vault from the Apple store or Android store or download the APK from Polkadot Vault's GitHub repository (make sure you are on the right website and verify the checksum).
- Once the app has been installed, enable airplane mode and make sure to switch off Wi-Fi, Bluetooth, and any other connection ability the device has.
- Only charge the phone on a power outlet that is never connected to the internet. Only charge the phone with the manufacturer's charging adapter. Do not charge the phone on public USB chargers.
- Recover your accounts.
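The "verify the checksum" step above can be scripted on the computer used to download the APK. This is an added example, not code from the Polkadot Vault project; it assumes the published checksum is a SHA-256 digest, and the function name `verify_checksum` and the file name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded file's SHA-256 digest with a published value.
# Assumption: the release page publishes a SHA-256 digest (64 hex characters).
# Usage (placeholder names): verify_checksum ./downloaded.apk "<published digest>"
# Returns 0 on match, 1 on mismatch, 2 on unusable input or missing tooling.
verify_checksum() {
    file=$1
    # Normalise the published value: strip whitespace, lower-case the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "error: no such file: $file" >&2; return 2; }

    # Reject truncated or malformed digests instead of comparing against them.
    case $expected in
        *[!0-9a-f]*) echo "error: expected digest is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "error: expected digest is not 64 hex characters" >&2; return 2; }

    # Read the file on stdin so unusual file names cannot alter the tool's output.
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum < "$file" | cut -d' ' -f1)
    elif command -v shasum >/dev/null 2>&1; then
        actual=$(shasum -a 256 < "$file" | cut -d' ' -f1)
    else
        echo "error: no SHA-256 tool (sha256sum or shasum) found" >&2
        return 2
    fi

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published checksum"
        return 0
    fi
    echo "MISMATCH: do not install $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}
```

Any non-zero return means the file should not be installed. Copy the expected digest from the release page itself rather than from the same location that served the file.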
What data does it collect?
None, it's as simple as that. The Polkadot Vault Mobile Android and iOS apps do not send any sort of data to Parity Technologies or any partner and work completely offline once installed.