What is the ChainGuard Mobile App?

The ChainGuard Mobile App is a free mobile application that provides airgapped two-factor authentication for all ChainGuard operations. It enables secure transaction signing, OAuth authentication, and vault operation approvals through QR code scanning and biometric protection. Available for iOS and Android.

How does the ChainGuard Mobile App work?

The ChainGuard Mobile App works as an airgapped 2FA device: 1) Download and install the app, 2) Pair your device with your ChainGuard account by scanning a QR code, 3) When you need to approve an operation, scan the QR code displayed on your screen, 4) Review transaction details in human-readable format, 5) Approve or reject using biometric authentication. All signatures are generated locally on your device.

Is the ChainGuard Mobile App free?

Yes, the ChainGuard Mobile App is completely free to download and use. There are no subscription fees, no in-app purchases, and no hidden costs. The app is available on the App Store (iOS) and Google Play Store (Android) at no charge.

What security features does the mobile app provide?

The ChainGuard Mobile App provides: Airgapped security (can operate offline), biometric protection (Face ID, Touch ID, fingerprint), encrypted storage (AES-256-GCM), private key isolation (keys never leave device), human-readable transaction display, real-time WebSocket communication, and comprehensive error handling. All sensitive operations require biometric authentication.

Do I need the mobile app to use ChainGuard?

Yes, the ChainGuard Mobile App is required for all wallet operations. All ChainGuard transactions, OAuth authentications, and vault operations require mandatory 2FA via the mobile app. This ensures maximum security - no operation can be executed without your mobile device approval.

Can the mobile app work offline?

Yes! The ChainGuard Mobile App can operate in airgapped mode. You can sign transactions offline - the app generates cryptographic signatures locally without requiring internet connectivity. When you reconnect, the signed transactions are submitted. This airgapped architecture provides maximum security.

What types of transactions can I sign with the mobile app?

The ChainGuard Mobile App supports: ETH transfers and withdrawals, ERC20 token transfers and withdrawals, ERC721 NFT withdrawals, ERC1155 NFT withdrawals, account management operations, OAuth authentication requests, and vault operation approvals. All transaction types are displayed in human-readable format before signing.

How do I pair my mobile device with my ChainGuard account?

To pair your device: 1) Download and install the ChainGuard Mobile App, 2) Sign in with your ChainGuard credentials or create a new account, 3) Open your ChainGuard dashboard on desktop/web, 4) Navigate to device pairing section, 5) Scan the displayed QR code with your mobile app, 6) Confirm pairing on both devices. Your device is now paired and ready to provide 2FA.

Can I use multiple mobile devices?

Yes, you can pair multiple mobile devices with your ChainGuard account. Each device provides independent 2FA capability. You can manage all paired devices from your dashboard, including the ability to unpair devices if you lose one or want to remove access.

What happens if I lose my mobile device?

If you lose your mobile device, you should immediately unpair it from your ChainGuard account using your password and primary wallet signature from your dashboard. Then pair a new device by downloading the app and scanning the QR code. Your vault assets remain secure during this process because the three-address protocol still requires your primary wallet signature.

Does the mobile app store my private keys?

Yes, the ChainGuard Mobile App generates and stores a 2FA private key locally on your device. This key is encrypted using AES-256-GCM and stored in the device's secure enclave (iOS) or hardware-backed keystore (Android). The key never leaves your device and is never transmitted to ChainGuard servers.

How does biometric authentication work?

Biometric authentication uses your device's built-in Face ID, Touch ID, or fingerprint scanner to unlock the ChainGuard Mobile App. Biometric data is processed locally on your device and never transmitted to ChainGuard. The app requires biometric authentication before displaying transaction details or generating signatures.

Can I use the mobile app without biometric authentication?

Biometric authentication is highly recommended for security, but you can use a PIN or password as an alternative. However, biometric authentication provides the strongest security and is required for high-value operations. The app will prompt you to enable biometrics during setup.

Which blockchain networks does the mobile app support?

The ChainGuard Mobile App supports all ChainGuard networks: Base (Coinbase L2), Arbitrum (Optimistic Rollup), Optimism (Optimistic Rollup), Polygon (PoS Chain), and Ethereum mainnet. One app works for all networks - you can sign transactions across any supported chain.

How do I update the ChainGuard Mobile App?

The ChainGuard Mobile App receives regular updates through the App Store (iOS) and Google Play Store (Android). Updates are automatic if you have auto-update enabled, or you can manually update through the respective app stores. Critical security updates are pushed immediately and may require updating before using the app.

What information does the mobile app collect?

The ChainGuard Mobile App collects minimal information: Account credentials (email/password for sign-in), device information (for pairing and security), transaction approval data (processed locally), and app usage analytics (anonymized). Private keys, biometric data, and transaction details never leave your device.

Can I use the mobile app with hardware wallets?

The ChainGuard Mobile App works alongside hardware wallets. Your primary wallet (MetaMask, Ledger, Trezor, etc.) provides one signature, and the ChainGuard Mobile App provides the 2FA signature. The three-address protocol requires both signatures plus the ChainGuard address for vault operations.

How fast is transaction approval with the mobile app?

Transaction approval is nearly instant. The app uses WebSocket connections for real-time communication, so when you scan a QR code and approve a transaction, the approval is transmitted immediately. Total time from scan to approval is typically 2-5 seconds, depending on network conditions.

Is the mobile app available in all countries?

The ChainGuard Mobile App is available globally through the App Store and Google Play Store, subject to local app store policies. Some countries may have restrictions on cryptocurrency-related apps. Check your local app store for availability.

What are the system requirements for the mobile app?

iOS: Requires iOS 13.0 or later. Compatible with iPhone, iPad, and iPod touch. Android: Requires Android 8.0 (API level 26) or later. The app requires camera access for QR code scanning and biometric hardware (Face ID, Touch ID, or fingerprint scanner) for optimal security.

Can developers integrate with the ChainGuard Mobile App?

Yes! Developers can integrate ChainGuard OAuth into their dApps, which automatically uses the ChainGuard Mobile App for 2FA. The mobile app handles all authentication and transaction approval flows. No additional integration is needed - users simply scan QR codes with the app.

What is device attestation in the ChainGuard Mobile App?

Device attestation verifies that your mobile device is genuine and hasn't been tampered with. ChainGuard uses Google Play Integrity API (Android) and Apple App Attest (iOS) to cryptographically verify device authenticity. This ensures only legitimate, unmodified devices can access your ChainGuard account, preventing compromised or jailbroken devices from being used.

How does device attestation work technically?

Device attestation works by: 1) Your device generates hardware-backed attestation keys stored in secure hardware (Secure Enclave on iOS, HSM on Android), 2) The app requests an attestation token from Google/Apple APIs, 3) ChainGuard servers verify the token using official Google/Apple verification APIs, 4) Device integrity, app authenticity, and key origin are all verified before allowing operations. This prevents spoofing and ensures maximum security.

Can I configure device attestation validity periods?

Yes! You can configure device attestation validity periods in your ChainGuard dashboard. Set custom validity durations (e.g., 1 day, 7 days, 30 days) based on your security requirements. Enterprise accounts can enforce maximum validity periods (e.g., 7 days) to ensure regular device re-verification for enhanced security.

What is instant renewal for high-value operations?

Instant renewal is a security feature that requires device re-attestation before approving high-value transactions, regardless of validity period. You can configure this in your dashboard to automatically trigger re-attestation before approving vault withdrawals, large transfers, or account modifications above your configured threshold. This ensures maximum security for critical operations.

How do I set up instant renewal for high-value operations?

To set up instant renewal: 1) Open your ChainGuard dashboard, 2) Navigate to device attestation settings, 3) Enable "Instant Renewal for High-Value Operations", 4) Set your transaction threshold (e.g., $10,000, 10 ETH), 5) Configure which operation types require instant renewal (vault operations, transfers, account changes). The app will automatically prompt for re-attestation when these thresholds are met.

What happens if device attestation expires?

If device attestation expires, you'll need to re-attest your device before approving operations. The app will prompt you to re-verify your device when you attempt to approve a transaction. The re-attestation process is quick - simply follow the on-screen prompts to regenerate and verify your attestation token. Your account remains secure during this process.

Can I use the mobile app on a jailbroken or rooted device?

No, ChainGuard Mobile App cannot be used on jailbroken (iOS) or rooted (Android) devices for security reasons. Device attestation will fail on compromised devices, preventing access to your ChainGuard account. This protects your assets from potential security vulnerabilities that exist on modified devices.

How does the mobile app work with different blockchain networks?

The ChainGuard Mobile App is chain-agnostic and project-agnostic. It works universally with any blockchain network or Web3 project. The app generates off-chain signatures that are compatible with any EVM-compatible chain (Ethereum, Base, Arbitrum, Optimism, Polygon, etc.). There are no chain limitations or project restrictions - one app for all your Web3 signing needs.

What is the difference between transaction signing and authentication signing?

Transaction signing approves on-chain operations like ETH transfers, token transfers, and NFT operations. Authentication signing approves OAuth login requests and access permissions for dApps. The ChainGuard Mobile App handles both types of signing - you scan QR codes and approve either transactions or authentication requests using the same device and workflow.

How does the 2FA signature flow work?

The 2FA signature flow works in two steps: 1) First, you scan a QR code and approve the operation on your mobile app (2FA signature), 2) Then, your primary wallet signature is required for on-chain initiation. The mobile app provides the mandatory 2FA signature, and your wallet provides the primary signature. Both signatures are required for all operations.

Can I use the mobile app for OAuth login authentication?

Yes! The ChainGuard Mobile App is used for all OAuth login authentication. When you log into a dApp using ChainGuard OAuth, a QR code appears on your screen. Scan it with the mobile app, review the login request and permissions, and approve or reject using biometric authentication. The app provides the 2FA signature required for OAuth authentication.

What permissions can I grant through OAuth with the mobile app?

Through ChainGuard OAuth, you can grant permissions for: Profile information (username, email), Vault access (view vault balance and operations), Identity data (KYC status, attestations), and Transaction approval (sign transactions on behalf of the platform). You can review and approve each permission individually when scanning the QR code with the mobile app.

How secure is the QR code scanning process?

QR code scanning is highly secure: 1) All QR codes are cryptographically signed and verified before processing, 2) QR codes contain encrypted, time-limited tokens that expire quickly, 3) Each QR code can only be used once, preventing replay attacks, 4) The app verifies QR code authenticity before displaying transaction details, 5) Invalid or tampered QR codes are immediately rejected.

What happens if I scan a malicious QR code?

The ChainGuard Mobile App will reject any QR code that doesn't pass cryptographic verification. Malicious or tampered QR codes cannot be processed - the app verifies the signature, checks expiration, and validates the token before displaying any transaction details. If a QR code fails verification, you'll see an error message and no transaction will be displayed or signed.

Can I review transaction details before signing?

Yes! The ChainGuard Mobile App displays all transaction details in human-readable format before you sign. You'll see: Transaction type (ETH transfer, token transfer, etc.), Amount and currency, Recipient address, Network (Base, Arbitrum, etc.), Gas fees (if applicable), and Transaction purpose. Review all details carefully before approving with biometric authentication.

What happens if I reject a transaction on the mobile app?

If you reject a transaction on the mobile app, the operation is cancelled immediately. No signature is generated, and the transaction request is terminated. The platform or dApp will receive a rejection notification. You can always initiate a new transaction request if you change your mind.

How does the mobile app handle network connectivity issues?

The ChainGuard Mobile App can operate in airgapped mode - you can sign transactions offline. When you scan a QR code and approve a transaction, the signature is generated locally on your device. If you're offline, the signed transaction is stored locally and automatically submitted when you reconnect to the internet. This ensures you can always approve critical operations even without connectivity.

Can I use the mobile app with multiple ChainGuard accounts?

Yes, you can use the ChainGuard Mobile App with multiple ChainGuard accounts. Simply sign out and sign in with different credentials. Each account maintains its own paired devices and 2FA keys. You can switch between accounts as needed, and each account's operations are completely isolated.

What is the three-address protocol and how does the mobile app fit in?

The three-address protocol requires three addresses for vault operations: 1) Primary Address (your main wallet - MetaMask, Ledger, etc.), 2) 2FA Address (your ChainGuard Mobile App device), 3) Secondary Address (recovery wallet). The mobile app provides the mandatory 2FA signature. All three signatures are required for vault operations, providing maximum security.

How does the mobile app protect against phishing attacks?

The ChainGuard Mobile App protects against phishing through: 1) Cryptographic QR code verification (phishing sites can't generate valid QR codes), 2) Human-readable transaction display (you see exactly what you're approving), 3) Device attestation (prevents compromised devices), 4) Server-side verification (all operations verified on ChainGuard servers), 5) Time-limited tokens (QR codes expire quickly). Always verify transaction details before approving.

Can I export or backup my mobile app keys?

No, the ChainGuard Mobile App does not support key export or backup for security reasons. Keys are stored in hardware-backed secure storage and cannot be extracted. If you lose your device, you can unpair it from your dashboard and pair a new device. Your vault assets remain secure because the three-address protocol still requires your primary wallet signature.

What happens to my mobile app data if I uninstall the app?

If you uninstall the ChainGuard Mobile App, all local data including your 2FA keys are permanently deleted from your device. You'll need to reinstall the app and pair a new device with your ChainGuard account. Your ChainGuard account and vault assets are unaffected - only the mobile device pairing is removed.

How does the mobile app ensure privacy?

The ChainGuard Mobile App ensures privacy through: 1) Local key storage (keys never leave your device), 2) Minimal data collection (only necessary account and device info), 3) Encrypted communication (all data transmitted via encrypted WebSocket), 4) No transaction history storage (transaction details are processed and discarded), 5) Biometric data never transmitted (processed locally only), 6) Anonymous analytics (usage data is anonymized).

Can I use the mobile app for enterprise accounts?

Yes! The ChainGuard Mobile App supports enterprise accounts with enhanced features: Configurable attestation validity periods (enforce maximum 7-day validity), instant renewal for high-value operations, operation-specific attestation policies, team device management, and audit logging. Enterprise accounts can configure stricter security policies through the dashboard.

How do I manage multiple devices for my enterprise account?

Enterprise account administrators can manage all paired devices from the dashboard: View all paired devices, see device attestation status, configure device-specific policies, unpair devices remotely, set device attestation validity periods, and configure instant renewal thresholds. All device management actions require appropriate permissions.

What is hardware-backed key attestation?

Hardware-backed key attestation ensures that cryptographic keys are stored in secure hardware (Secure Enclave on iOS, Hardware Security Module on Android). The attestation proves that keys are stored in tamper-resistant hardware and cannot be extracted or modified. This provides the highest level of device binding security, ensuring keys are protected even if the device is compromised.

How does server-side verification work?

Server-side verification ensures all device attestation tokens are verified on ChainGuard servers using Google and Apple's official verification APIs. This prevents attestation spoofing - even if someone tries to fake an attestation token, ChainGuard servers will reject it because they verify directly with Google/Apple. This ensures only legitimate, verified devices can access accounts.

Can I use the mobile app without a ChainGuard subscription?

Yes! The ChainGuard Mobile App is free to download and use. However, to use it for ChainGuard operations (vault transactions, OAuth authentication), you need an active ChainGuard account. You can create a free account and use the mobile app for basic operations, but full functionality requires a ChainGuard subscription for vault and advanced features.

What is the difference between the mobile app and a hardware wallet?

The ChainGuard Mobile App provides 2FA signatures for ChainGuard operations, while hardware wallets (Ledger, Trezor) provide primary wallet signatures. They work together: Your hardware wallet signs transactions as the primary address, and the mobile app provides the mandatory 2FA signature. The mobile app is specifically designed for ChainGuard's three-address protocol, while hardware wallets are general-purpose signing devices.

How does the mobile app handle app updates and security patches?

The ChainGuard Mobile App receives regular updates through the App Store and Google Play Store. Critical security patches are pushed immediately and may require updating before using the app. The app checks for updates on launch and notifies you if an update is required. Always keep the app updated to the latest version for maximum security.

ChainGuard Mobile App

ChainGuard App

Airgapped 2FA Security for Web3

The ChainGuard Mobile App is intentionally built as an offline and off-chain 2FA device, providing enterprise-grade security for all your Web3 operations. Download free and use it to sign transactions, authenticate OAuth logins, and approve vault operations - all without your private keys ever leaving your device.

Universal Compatibility: Built as a chain-agnostic and project-agnostic device, the ChainGuard Mobile App works with any blockchain network or Web3 project. There are no chain limitations or project restrictions - it's designed to be your universal 2FA solution for the entire Web3 ecosystem.

Critical Security Feature: All ChainGuard operations require mandatory 2FA via the mobile app. Users scan QR codes and approve operations (transactions, logins, vault actions) on their mobile device. This airgapped, off-chain approach ensures maximum security - your private keys never leave your device, and signatures are generated locally before transmission.

Free

No Cost to Download

Airgapped

Offline Security

Biometric

Face ID / Touch ID

Real-Time

Instant Verification

How ChainGuard Mobile App Works

Simple, secure 2FA flow that protects all your Web3 operations

Download & SetupDownload the ChainGuard Mobile App from the App Store or Google Play. Create your account or sign in with your existing ChainGuard credentials. The app automatically generates a secure 2FA address for your device.

Pair with Your AccountOpen your ChainGuard dashboard and navigate to device pairing. Scan the QR code displayed on your screen with the ChainGuard Mobile App. Your device is now paired and ready to provide 2FA for all operations.

Device Attestation & SettingsChainGuard automatically verifies your device using Google Play Integrity API (Android) or Apple App Attest (iOS). Configure device attestation validity periods in your dashboard. Enterprise accounts can enforce maximum validity periods (e.g., 7 days) and require instant renewal for high-value operations.

Approve OperationsWhen you initiate a transaction, OAuth login request, or vault operation, a QR code appears on your screen. Open the ChainGuard Mobile App, scan the QR code, review the operation details (transaction data or login request), and approve or reject using biometric authentication.

Off-Chain Signature GenerationAfter approval, the app generates a cryptographic signature locally on your device (off-chain). Your private keys never leave your mobile device. The signature is then transmitted securely via encrypted WebSocket connections. This off-chain signature approach works universally with any chain or project.

Key Features

Enterprise-grade security features built into a simple mobile app

Security & Privacy

Built with security as the foundation, not an afterthought

Private Key Isolation

Private keys are generated locally and never transmitted over the network. They remain encrypted on your device at all times.

Encrypted Storage

AES-256-GCM encryption protects all sensitive data. Keys are stored in hardware-backed secure storage when available.

Biometric Authentication

Face ID, Touch ID, or fingerprint required to unlock the app. Biometric data never leaves your device.

Transaction Verification

Every transaction is displayed in human-readable format before signing. Review all details before approval.

Session Management

WebSocket sessions are temporary and can be cancelled at any time. No persistent connections store sensitive data.

Error Boundaries

Comprehensive error handling prevents data leaks. Graceful degradation ensures security even in edge cases.

Device Attestation

Google Play Integrity API (Android) and Apple App Attest (iOS) verify device authenticity. Hardware-backed attestation ensures your device hasn't been tampered with or compromised.

Configurable Attestation Validity

Configure device attestation validity periods in your dashboard. Enterprise accounts can set maximum validity periods (e.g., 7 days) and require instant renewal for high-value operations.

Device Attestation & Security Settings

Enterprise-grade device verification with configurable security policies

Dashboard Settings

Configure device attestation policies in your ChainGuard dashboard:

Validity Period

Set maximum validity period for device attestation (e.g., 1 day, 7 days, 30 days). Enterprise accounts can enforce shorter periods for enhanced security.

Instant Renewal

Enable instant renewal for high-value operations. Device re-attestation is required before approving transactions above your configured threshold.

Operation Policies

Configure different attestation requirements for different operation types: vault operations, OAuth logins, transaction signing, and account management.

Use Cases

Essential 2FA for all ChainGuard operations

Ready to Secure Your Web3 Operations?

Download the ChainGuard Mobile App for free and start using enterprise-grade 2FA for all your blockchain operations. Available on iOS and Android.

Don't have a ChainGuard account yet? Get started for free

ChainGuard Mobile App

Airgapped 2FA Security for Web3

How ChainGuard Mobile App Works

Key Features

Intentionally Offline & Off-Chain

Biometric Protection

QR Code Scanning

Human-Readable Transactions

Real-Time Processing

Secure Storage

Universal Chain & Project Compatibility

Transaction & Authentication Signing

Device Attestation & Binding

Security & Privacy

Private Key Isolation

Encrypted Storage

Biometric Authentication

Transaction Verification

Session Management

Error Boundaries

Device Attestation

Configurable Attestation Validity

Device Attestation & Security Settings

Google Play Integrity API (Android)

Apple App Attest (iOS)

Configurable Validity Periods

Instant Renewal for High-Value Operations

Hardware-Backed Key Attestation

Server-Side Verification

Dashboard Settings

Validity Period

Instant Renewal

Operation Policies

Use Cases

OAuth & Login Authentication

Vault Operations

Transaction & Login Signing

Device Pairing

Identity Verification

Real-Time Approvals

Ready to Secure Your Web3 Operations?

ChainGuard Mobile App - Airgapped 2FA Security for Web3

How ChainGuard Mobile App Works

Key Features

Security Features

Device Attestation

Use Cases