The what and why of XUMM security architecture
XUMM allows users to transact in XRP and security lapses can be costly. The development team implemented a number of security measures to prevent attacks.
These include; blocking screenshots, blocking the app from running on devices with native security bypassed and not restoring from a third-party backup.
Security is a primary design principle in XUMM to protect users from malefactors.
Please reach out to XUMM Support with any questions or concerns. For more on XUMM Security please see : How does XUMM security compare to a hardware wallet?
For security reasons the following are disabled:
Screenshots (at specific screens, where secret information is entered, and if the OS doesn't allow us to specify specific screens: screenshots of the entire app
The ability to run on rooted / jail-broken devices
The ability to run from unofficial app stores
- Recovering from cloud backups. XUMM won't recover from OS (Android / iOS) backups: accounts will have to be imported again using their secret key / secret numbers
- Custom keyboards. The OS provided keyboard will always be used by the app: custom keyboards will not be triggered when entering data in the XUMM app.
- Outgoing connections to untrusted/unknown nodes/endpoints. This way, even if a software dependency (library) tries to connect to an untrusted location, XUMM will stop the outgoing request before it is sent.
When XUMM generates new XRPL (non-custodial) accounts, XUMM generates a secret key in "Secret Number" format. Read more about Secret Number security here.