Xverse Cloud Backup Security: How Your Seed Phrase Stays Protected

Xverse now supports cloud backup for mobile users, allowing you to securely store your encrypted seed phrase in iCloud (Apple) or Google Drive (Android). Below are answers to key security questions about this feature.

Does Google/Apple Have Access to My Seed Phrase?

No. Your backup is encrypted before being stored in iCloud or Google Drive, ensuring that neither Apple, Google, nor Xverse can access your seed phrase.

Can Other Apps Access My Seed Phrase If They Have Drive Access?

No. The backup is stored in an isolated sandbox within your cloud storage. Even if you grant admin access to your cloud storage, attackers can only retrieve an encrypted version of the seed phrase. However, always be cautious when granting broad access to your drive, as malicious apps could delete stored data.

How Secure Is the Encryption for Cloud Backup?

Security is a top priority for Xverse. We implement strong cryptographic algorithms to ensure your backup remains secure:

  • We require a very strong password (4/4 score on zxcvbn), making brute-force attacks infeasible. More details on zxcvbn security.
  • We use the Argon2 algorithm to derive an encryption key from your password. Argon2 is the top password hashing and key derivation recommendation by OWASP.
  • Our implementation has undergone an external security audit to verify and enhance our security standards.

If Someone Knows My Password, Can They Restore My Wallet on Their Device?

No. Without access to your Google Drive or iCloud, an attacker cannot use your password to restore a backup they do not own.

What Is My Responsibility as a User?

As a non-custodial wallet, Xverse gives you full control over your backup. Your security relies on two key factors:

    1. The password used to encrypt the backup.
    2. The encrypted backup stored in your drive.

To ensure security:

    • Use a unique password that isn’t shared across multiple services.
    • Protect your cloud storage account and avoid granting admin access to unknown applications.

By following these best practices, you can ensure that your cloud backup remains secure while having peace of mind that your wallet can always be restored when needed. If you have any further questions, feel free to reach out to our Support team.