Security and Backup
How Keon protects your seed phrase, biometric unlock, Google Drive backup, and cross-device sync
Where your seed phrase lives
Your seed phrase is encrypted with your password and stored locally on your device. It never leaves Keon in plain text. The Keon team cannot read it, and neither can anyone with access to the device unless they also have your password.
This means two things:
- If you forget your password, your wallet is gone. There is no reset.
- If you lose your device, your wallet is gone unless you have a backup.
Backups are how you avoid losing access. Read on.
Backing up to Google Drive
You can save an encrypted backup of your wallet to your own Google Drive. The flow:
- Open Settings, then Backup.
- Tap Back up to Google Drive.
- Sign in with the Google account you want to use.
- Keon encrypts your wallet with AES-256-GCM and uploads it.
The backup includes all your seed-phrase wallets, your imported accounts, and your settings. It does not include your activity history (that is local-only).
To restore on a new device, install Keon, pick Restore from Google Drive on the welcome screen, and sign in with the same Google account. You will need your wallet password to decrypt the backup.
Important: the password is what protects the backup. Google never sees your wallet, only an encrypted blob.
Biometric unlock (mobile)
On Android (and iOS when it ships), you can turn on biometric unlock from Settings. After that, you unlock Keon with your fingerprint or face instead of typing your password every time.
Biometrics do not replace your password. Your password is still required for sensitive things like revealing your seed phrase or restoring a backup. Biometrics just save you typing for daily use.
Auto-lock
Keon locks itself after a period of inactivity. You can change the timeout in Settings, or turn it off if you really want to (not recommended on a shared device).
Cross-device sync
If you have Keon on more than one device (say, the Chrome extension at your desk and the Android app on your phone), you can turn on sync from Settings. After that, your wallets, accounts, contacts, and settings stay in step across devices.
How it works: Keon derives a sync key from your password, encrypts the data with AES-256-GCM, and signs each request with HMAC-SHA256. The TokenKit sync server stores only the encrypted blob. The team cannot decrypt your data.
Sync is per-account. You can use Keon on one device without ever turning it on.
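The sync scheme described above, which also covers the password-protected AES-256-GCM backup blob from the Google Drive section, sketched as an added example that is not Keon's own code. The KDF (scrypt), the split into separate encryption and signing keys, the blob layout, the signed request fields and the `/sync/blob` path are assumptions; the page names only the primitives.

```javascript
// Added example, not Keon's code. KDF, key split, layouts and paths are assumptions.
const crypto = require("node:crypto");

// Derive two independent 32-byte keys from the password (scrypt is an assumed KDF).
function deriveKeys(password, salt) {
  const okm = crypto.scryptSync(password, salt, 64, { N: 1 << 15, r: 8, p: 1, maxmem: 64 << 20 });
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32, 64) };
}

// AES-256-GCM with a fresh 96-bit nonce; assumed blob layout: nonce | tag | ciphertext.
function sealBlob(encKey, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", encKey, nonce);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Decrypt; final() throws if the key (password), the blob or the AAD does not match.
function openBlob(encKey, blob, aad) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", encKey, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  decipher.setAAD(Buffer.from(aad));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString("utf8");
}

// HMAC-SHA256 over method, path, timestamp and a hash of the body (assumed field set).
function signRequest(macKey, method, path, timestamp, body) {
  const bodyHash = crypto.createHash("sha256").update(body).digest("hex");
  return crypto.createHmac("sha256", macKey)
    .update([method, path, timestamp, bodyHash].join("\n")).digest();
}

// Constant-time signature check plus a freshness window to reject replayed requests.
function verifyRequest(macKey, method, path, timestamp, body, sig, now, maxSkewSec = 300) {
  if (Math.abs(now - timestamp) > maxSkewSec) return false;
  const expected = signRequest(macKey, method, path, timestamp, body);
  return sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
}

// Constructed sample data: password, payload, timestamp and path are illustrative only.
function demo() {
  const salt = crypto.randomBytes(16);
  const keys = deriveKeys("correct horse battery staple", salt);
  const blob = sealBlob(keys.encKey, JSON.stringify({ contacts: ["alice"] }), "sync-v1");
  const sig = signRequest(keys.macKey, "PUT", "/sync/blob", 1700000000, blob);
  return { salt, keys, blob, sig };
}
```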
Hide your balances
For shoulder-surfing situations, Settings has a Hide Balances toggle. It blanks out every dollar amount and token amount in the wallet UI. Your balances are still there; you just cannot see them. Tap to reveal one at a time.
Reporting a security issue
If you find a security bug in Keon, please do not file it as a public issue on the GitHub repo. Email the team at the address in the wallet's About screen so they can ship a fix before it gets exploited.