Operational Considerations for Managing Mobile Signing Devices

As part of Fortary’s self-custody MPC framework, customers are required to maintain control of one of the three key shares that authorize blockchain transactions. This key share resides within a dedicated mobile device running the Fortary Mobile Signing App. Proper management of these devices is critical to maintaining both the security and operational efficiency of your organization’s self-custody setup.

Dedicated Device Requirement

Each Signer Device stores a secure portion of your wallet’s key material inside a Trusted Execution Environment (TEE). To protect this sensitive data, Fortary strongly recommends using a new and unused Apple iPhone or iPad, with no other applications, email, or messaging accounts installed. These devices do not require an active cellular plan and should serve no purpose other than transaction signing. Treat each device as a cryptographic security tool—similar to a hardware wallet—rather than a general-use mobile device.
If a Signer Device is lost, stolen, or compromised, Fortary’s backup and recovery process can restore your wallet; however, loss of the device temporarily halts your ability to approve transactions.
For additional information on acquiring a dedicated hardware device, please visit here.

Operational Limitations

Since the Signer Device is required for transaction approval, it must be accessible when signatures are needed. Consider how transaction approval workflows align with device availability—particularly for organizations with multiple signers or geographically distributed teams.
If the device holder is unavailable or the device is offline, transactions will remain pending until the signing action is completed. Planning redundancy and clear procedures for signers helps prevent operational bottlenecks.

Multi-Device Flexibility

Fortary supports having multiple Signer Devices holding the same key share. This improves operational flexibility by allowing multiple trusted personnel to review and sign transactions. All devices contain identical key material, so adding devices creates no additional risk of key reconstruction: they cannot collude or combine their data to reconstruct the full key. However, each device must be managed and secured independently under your organization’s key management policies. We recommend maintaining 2–3 dedicated devices in total to balance security and operational continuity.

Security Implications

Because the Signer Device stores live key material, it should be handled with the same level of protection as any critical private key:
  • Keep devices offline or in secure storage when not in use.
  • Restrict physical access to authorized personnel only.
  • Use biometric authentication and PIN locks to prevent unauthorized access.
  • Avoid installing non-essential software or connecting to untrusted networks.
Although compromise of one Signer Device alone does not expose your complete wallet (as Fortary operates on a 3-of-3 MPC model), unauthorized access still introduces risk and may require invoking the recovery procedure.
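
The following added example (not Fortary code) illustrates the two claims above: that Signer Devices holding the same key share cannot combine into the full key, and that one share alone does not expose the wallet. It assumes plain additive 3-of-3 sharing over a prime field as a simplified stand-in, since this page does not describe the actual MPC scheme; the modulus, function names and the `share_b`/`share_c` names are hypothetical.

```python
import secrets

# Assumption: plain additive 3-of-3 sharing over a prime field, used as a
# simplified stand-in. The page does not describe Fortary's actual MPC scheme.
P = 2**127 - 1  # a Mersenne prime, chosen only for illustration


def split_3_of_3(secret):
    """Split secret into three shares; all three are needed to recombine."""
    s1, s2 = secrets.randbelow(P), secrets.randbelow(P)
    return [s1, s2, (secret - s1 - s2) % P]


def combine(shares):
    """Recombine shares by summing them modulo P."""
    return sum(shares) % P


def distinct_shares(device_contents):
    """Cloned Signer Devices add copies of one share, not new shares."""
    return set(device_contents)


def completion_for(known_share, candidate_secret):
    """Find two missing shares that make ANY candidate secret consistent
    with the one known share, so that share alone narrows nothing down."""
    s2 = secrets.randbelow(P)
    return s2, (candidate_secret - known_share - s2) % P


if __name__ == "__main__":
    key = secrets.randbelow(P)                # constructed sample key
    customer, share_b, share_c = split_3_of_3(key)
    devices = [customer, customer, customer]  # three Signer Devices, same share

    print("distinct shares across devices:", len(distinct_shares(devices)))
    print("all three distinct shares recombine:",
          combine([customer, share_b, share_c]) == key)
    for guess in (1, 42, key):
        s2, s3 = completion_for(customer, guess)
        print("guess fits the known share:", combine([customer, s2, s3]) == guess)
```

Every guess fits the known share equally well, which is why a single share reveals nothing about the key in this model. Each extra device is still one more copy of that share to inventory, store and revoke.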