The app, operated by China-based Cheetah Mobile, will use a two-tier security system to grant users access to their holdings, according to a press release. The first stage will have users scan their personalized and encrypted QR codes, while the second asks pre-set security questions.
“The QR code is highly encrypted, so it can’t be decrypted by scanning it with other software … [and] SafeWallet does not store your QR code on its servers,” a company representative told CoinDesk in an email.
The system is claimed by the firm to be more secure than traditional mnemonic phrases, while also being easier to use. In particular, the system hopes to ensure users are not writing their backup phrases down on paper, “which can be easily lost, stolen or damaged.”
SafeWallet believes that the new system can also protect against the risks that arise if users send their passphrases to themselves using email or instant-messaging platforms, which can contain malware or otherwise leak the messages to bad actors.
While acknowledging the possibility that someone could gain access to the QR code if stored on a device or in the cloud (which the firm recommends for convenient backup access), the representative said:
“A hacker can’t access your assets with your QR code alone. They would need to know the answers to your security questions (in addition to your regular SafeWallet password). Our security questions are more specific than your average security questions, so they would be extremely difficult to guess, even if someone is very close to the user. … You are in complete control of your assets at all times. “
Additionally, as a safeguard against theft, private keys “will never” appear as text in the wallet, they said, while SafeWallet will also scan users’ devices for apps containing malicious code and notify users if anything suspicious is found…