In short, your SmartKey is stored in the cryptographic section of your phone and protected by your phone's lockscreen pin/passphrase; your Universal Wallet pin; and optionally another layer of biometric authentication.


Now let’s take a deeper dive! Your seed is encrypted with the PIN, but for iOS and Android the implementation is slightly different. For iOS, the pin-encrypted seed is stored in the “Keychain”, which is a secure place to store passwords and other valuable information, this is protected by the OS. Anything stored here can be retrieved for use, so when you hit “remember password”, that’s where it is stored! The ability to fetch this information is great, but even if information is stored behind walls, it’s best not to leave it in plaintext. We will come back to this in a moment but let’s take a look at what’s happening on an Android device.


On Android there is something called a “Keystore”, which is a separate part of the OS that can generate its own cryptographic keys. However, you cannot fetch the private keys, you can only ask the Keystore to use those keys on your app’s behalf. This makes it a rather secure system because the keys never have to touch user-space and if the device has hardware encryption available, the keys will automatically be generated there, further separated from the programs running on device. So, what we do here is tell the Keystore to generate a key that only the Ethos app can access, then we pass the PIN-encrypted seed to the Keystore to be encrypted again. The Keystore returns the doubly-encrypted seed to the app, which is then stored in the app's storage (which other apps cannot access). This means that even if one were to extract that value from the app storage, they would have to also break the Keystore (which requires root, or some 0day exploit) to decrypt it, thus making the attack MUCH more difficult. Even if they pulled that off, they would still have to then brute force the PIN-level encryption.


So now you may be asking yourself, “Hmm… a 6-digit PIN only has 10^6 possibilities…  Isn’t that easy to crack?” The answer is yes. That is why we generate a long "salt", or a random non-secret number, and concatenate that with the PIN, then process that value with a cryptographic hash function and use that hash to encrypt the seed. This means you cannot use a precomputed list of PINs to try and decrypt, you must generate all the possible hashes for those 10^6+ values with the salt, which makes the computational effort basically infeasible.


Now going back to the Keystore, there is an equivalent concept on iOS called Secure Enclave. The flow of securing the SmartKey on iOS and Android looks like this:


Cryptographic hash(PIN+salt) = encrypt seed → the encrypted seed is then passed to Keystore/Secure Enclave to be encrypted again → that doubly encrypted seed is then stored in iOS Keychain or in app storage for Android.


Secure Enclave encryption is in the works. Currently the key is stored in the Keychain on iOS.