XUMM Security Measures

The what and why of XUMM security architecture

XUMM allows users to transact in XRP and security lapses can be costly. The development team implemented a number of security measures to prevent attacks.

These include; blocking screenshots, blocking the app from running on devices with native security bypassed and not restoring from a third-party backup.

Security is a primary design principle in XUMM to protect users from malefactors.

Please reach out to XUMM Support with any questions or concerns. For more on XUMM Security please see : How does XUMM security compare to a hardware wallet?

For security reasons the following are disabled:

• Screenshots (at specific screens, where secret information is entered, and if the OS doesn't allow us to specify specific screens: screenshots of the entire app

• The ability to run on rooted / jail-broken devices

• The ability to run from unofficial app stores

• Recovering from cloud backups. XUMM won't recover from OS (Android / iOS) backups: accounts will have to be imported again using their secret key / secret numbers
• Custom keyboards. The OS provided keyboard will always be used by the app: custom keyboards will not be triggered when entering data in the XUMM app.
• Outgoing connections to untrusted/unknown nodes/endpoints. This way, even if a software dependency (library) tries to connect to an untrusted location, XUMM will stop the outgoing request before it is sent.

When XUMM generates new XRPL (non-custodial) accounts, XUMM generates a secret key in "Secret Number" format. Read more about Secret Number security here.