Bitcoin Education

Theya Mobile Key Guide

A mobile key is a Bitcoin key stored on your mobile device, leveraging the dedicated security chip designed to safeguard personal and security data on your phone. It provides convenience while maintaining strong security through your device's built-in protections.

With Theya, you can use a mobile key as part of a multisig vault or as a single-key vault (hot wallet). This guide explains how mobile keys work, their security considerations, and how to protect them properly.

Convenient signing • Multisig compatible • iCloud Keychain backup

What Is a Mobile Key?

A mobile key is a Bitcoin private key stored securely on your mobile device (iPhone or Android). It leverages your phone's dedicated security chip—Apple's Secure Enclave or Android's equivalent—which is designed to safeguard sensitive personal and security data.

Mobile keys provide the convenience of signing transactions directly from your phone without needing a separate hardware device. However, they require careful attention to security, particularly around iCloud/Google account protection and backup strategies.

How Mobile Keys Work

  • Secure chip storage: The key is stored in your device's secure element, isolated from regular app data
  • Biometric authentication: FaceID or your phone's passcode protects access to the key
  • Multisig compatible: Can function as one key in a 2-of-3 or 3-of-5 multisig vault
  • Single-key option: Can also be used as a standalone hot wallet for smaller amounts

Mobile keys are convenient for everyday use, but they require your iCloud/Google account to be secured with hardware authentication (YubiKey) for maximum protection. Learn about securing your iCloud account with a YubiKey.

Single-Key Mobile Vault vs. Mobile Key in Multisig

Mobile keys can be used in two ways with Theya:

Single-Key Mobile Vault

A hot wallet on your phone—convenient but suitable only for smaller amounts. No multisig protection.

  • Select "Create New Vault" and choose single-key vault
  • Select "This Phone" as your key
  • Create using FaceID or phone passcode
  • Back up using iCloud Keychain (highly recommended)

Best for: Small amounts, daily transactions, learning Bitcoin

Mobile Key in Multisig Vault

Your mobile key becomes one of three keys in a collaborative security setup—much stronger protection.

  • Theya first adds your recovery key
  • Select "This Phone" as your first key
  • Create using FaceID or phone passcode
  • Set up your second key (hardware device, another mobile, or cosigner)

Best for: Significant holdings, collaborative security, generational wealth

💡

For meaningful amounts, always use multisig. A mobile key in a 2-of-3 multisig vault gives you convenience plus the protection of collaborative security. If you lose your phone, the other keys can still protect your Bitcoin.

Critical: Secure Your iCloud Account with a YubiKey

This is non-negotiable if you use a mobile key. Your mobile key's security depends on your iCloud/Google account security. If someone gains access to your iCloud account, they may be able to access your mobile key backup.

🚨

Your iCloud account is the gateway to your mobile key. If you back up your mobile key to iCloud Keychain (which is highly recommended), securing your iCloud account becomes critical. An attacker with access to your iCloud can potentially access your key backup.

Why YubiKey Protection Matters

Most people secure their iCloud account with SMS-based two-factor authentication. This is vulnerable to:

  • SIM swap attacks — Attackers hijack your phone number to receive SMS codes
  • Phishing — Fake login pages can trick you into entering SMS codes
  • Social engineering — Support staff can be tricked into resetting accounts
  • SMS interception — SMS messages can be intercepted or redirected

A YubiKey eliminates these risks. Hardware-based authentication means an attacker needs physical possession of your YubiKey to access your iCloud account—making it nearly impossible for remote attackers.

Read our YubiKey Security Guide for complete setup instructions, including step-by-step directions for enabling YubiKey on your Apple ID/iCloud account. This is essential before storing meaningful amounts with a mobile key.

The guide includes detailed prerequisites, setup steps for iPhone/iPad/Mac, what changes after enabling security keys, and authoritative resources from Apple and Yubico for troubleshooting.

Recommended Security Setup

  1. Secure your Apple ID/iCloud with YubiKey — Use hardware authentication as your primary 2FA method
  2. Enable iCloud Keychain backup — This backs up your mobile key securely to iCloud
  3. Set up a backup YubiKey — Register a second YubiKey with your Apple ID for redundancy
  4. Document recovery process — Ensure you (and your estate) know how to recover if needed

This layered approach provides strong protection: your mobile key is secured by your device's secure chip, backed up to iCloud Keychain (which is protected by a YubiKey-authenticated iCloud account), and in multisig setups, protected by multiple keys.

Backing Up Your Mobile Key with iCloud Keychain

It is highly advised that you back up your mobile key using iCloud Keychain. This ensures you can recover access if you lose or damage your phone.

How iCloud Keychain Backup Works

When you enable iCloud Keychain backup for your mobile key:

  • Your mobile key is encrypted and stored in iCloud Keychain
  • The backup is synced across your Apple devices
  • It's protected by your Apple ID (which should be secured with YubiKey)
  • You can restore the key to a new device if your phone is lost or damaged

Important: This is why securing your Apple ID with a YubiKey is critical. The backup is only as secure as your iCloud account.

Setting Up iCloud Keychain Backup

  1. When creating your mobile key in Theya, you'll be prompted to back it up
  2. Select "Backup to iCloud Keychain" when offered
  3. Enter your Apple ID password if prompted
  4. Verify the backup was successful (Theya will confirm)

After setup, you can verify your backup is working by checking your iCloud Keychain settings or by attempting a recovery process (test with a small amount first).

⚠️

Without iCloud Keychain backup: If you lose your phone and haven't backed up your mobile key, you may lose access permanently. In a single-key vault, this means losing your Bitcoin. In a multisig vault, you'll need to recover using your other keys and set up a new mobile key.
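The loss and compromise cases described above can be worked through as a small threat model. This is an added example, not Theya's code or part of the original guide. It assumes each key is usable from the places a copy of it lives; the place names hw_device and recovery_store are assumed labels, and a place is treated as either lost to the owner or usable by an attacker.

```python
from itertools import combinations

# Constructed model, not Theya's implementation: each key maps to the places
# a usable copy of it lives. "hw_device" and "recovery_store" are assumed names.
VAULTS = {
    "single_no_backup": (1, {"mobile": {"phone"}}),
    "single_with_backup": (1, {"mobile": {"phone", "icloud"}}),
    "multisig_2_of_3": (2, {
        "mobile": {"phone", "icloud"},
        "hardware": {"hw_device"},
        "recovery": {"recovery_store"},
    }),
}

def owner_locked_out(vault, lost):
    """True if losing every place in `lost` leaves fewer keys than the threshold."""
    threshold, keys = vault
    usable = sum(1 for places in keys.values() if places - lost)
    return usable < threshold

def attacker_can_spend(vault, compromised):
    """True if the compromised places expose at least `threshold` distinct keys."""
    threshold, keys = vault
    exposed = sum(1 for places in keys.values() if places & compromised)
    return exposed >= threshold

def minimal_failures(vault, fails):
    """Smallest sets of places whose loss or compromise makes `fails` true."""
    places = sorted(set().union(*vault[1].values()))
    found = []
    for size in range(1, len(places) + 1):
        for combo in combinations(places, size):
            candidate = set(combo)
            if any(f <= candidate for f in found):
                continue  # a smaller failing set already covers this one
            if fails(vault, candidate):
                found.append(candidate)
    return found

def report():
    """Minimal lockout and theft sets for every modelled vault."""
    return {
        name: {"lockout": minimal_failures(vault, owner_locked_out),
               "theft": minimal_failures(vault, attacker_can_spend)}
        for name, vault in VAULTS.items()
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

In this model the backup removes the phone as a single point of lockout but adds the iCloud account as a second path to the key, while the 2-of-3 vault needs at least two places to fail before either lockout or theft is possible.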

What to Do If You Lose Your Phone

Don't panic. If you've set up your mobile key correctly, losing your phone doesn't mean losing your Bitcoin. Here's what to do immediately:

Immediate Actions (First Hour)

  1. Lock your phone remotely — Use Find My iPhone (Apple) or Find My Device (Android) to lock, locate, or remotely erase your device
  2. Check if phone was stolen — If stolen, immediately proceed to step 3. If lost and recoverable, you may be able to restore access later
  3. Assess your vault setup — Determine whether you're using single-key or multisig:
    • Multisig vault: Your Bitcoin is protected by other keys. Continue to step 4.
    • Single-key vault: You need to recover from iCloud Keychain backup. Proceed to step 5.

For Multisig Vaults (Collaborative Security)

Your Bitcoin is safe. With 2-of-3 multisig, losing your mobile key doesn't prevent access:

  1. Contact your adviser immediately — We can help coordinate recovery using your other keys
  2. Use your other keys — You can still sign transactions with your hardware device or other keys
  3. Set up a new mobile key — Once you have a new phone, we'll help you create a new mobile key and transfer funds if needed
  4. Document the change — Update your Estate Plan Protocol with the new mobile key details

This is exactly why collaborative security is valuable—even if you lose one key, your Bitcoin remains accessible. See our Emergency Kit for more details.

For Single-Key Vaults (Recovery Required)

If you backed up to iCloud Keychain, recovery is possible:

  1. Get a replacement phone — Use a new iPhone (or restore to an existing Apple device)
  2. Secure your iCloud account first — Ensure your Apple ID is secured with YubiKey before proceeding
  3. Sign in to iCloud — Sign in with the same Apple ID used for the backup
  4. Enable iCloud Keychain — Allow iCloud Keychain to sync on your new device
  5. Open Theya app — The mobile key should automatically restore from iCloud Keychain backup
  6. Verify access — Test that you can access your vault and sign transactions

If you didn't back up to iCloud Keychain: Recovery may not be possible. Your Bitcoin may be lost unless you have another backup method. This is why iCloud Keychain backup is highly recommended.

⚠️

If your phone was stolen and you suspect compromise: Immediately lock or erase the device remotely. If you use a mobile key in multisig, coordinate with your adviser to set up a new mobile key on a secure device. If you use a single-key vault, recover from iCloud Keychain backup immediately.

💡

Prevention is better than recovery. Use multisig vaults for meaningful amounts, secure your iCloud account with YubiKey, always back up to iCloud Keychain, and document your setup in your Estate Plan Protocol.

Security Considerations

Mobile keys offer convenience but require careful security practices:

Device Security

  • Use a strong device passcode
  • Enable biometric authentication (FaceID/TouchID)
  • Keep your phone's OS updated
  • Use a screen lock with auto-lock enabled

iCloud/Google Security

  • Secure account with YubiKey (critical)
  • Use strong, unique password
  • Enable two-factor authentication
  • Review account access regularly

Backup Strategy

  • Always back up to iCloud Keychain
  • Verify backup works (test recovery)
  • Use multisig for meaningful amounts
  • Document backup location in estate plan

Physical Security

  • Don't leave phone unattended
  • Enable Find My Device
  • Set up remote lock/erase
  • Be cautious with phone repair

Mobile Key vs. Hardware Device

Mobile keys provide convenience but have different security characteristics compared to hardware devices:

  • Mobile key: Convenient, always with you, protected by device security chip, but dependent on iCloud/Google account security and device physical security
  • Hardware device (Trezor, etc.): More secure, air-gapped, but less convenient, requires carrying separate device

Best practice: Use mobile keys for convenience in multisig setups where other keys provide additional security. For single-key storage or very significant amounts, consider a hardware device. Learn about hardware signing devices.

Integration with Collaborative Security

Mobile keys work excellently as part of The Bitcoin Adviser's collaborative security model:

Mobile Key in 2-of-3 Multisig

A typical setup might include:

  1. Mobile key (your phone) — Convenient for daily use
  2. Hardware device (Trezor) — More secure, stored safely
  3. Vault provider key (Theya/Unchained) — Professional custody
  4. The Bitcoin Adviser key — Security oversight and recovery

This gives you the convenience of mobile signing while maintaining the security benefits of multisig. Even if you lose your phone, your Bitcoin remains accessible using the other keys.

✅

During onboarding: We'll help you set up your mobile key as part of your collaborative security vault. Your adviser guides you through the process and documents everything in your Estate Plan Protocol.

Setting Up a Mobile Key

Setting up a mobile key with Theya is straightforward:

Setup Steps

  1. Ensure iCloud is secured — Before creating a mobile key, secure your Apple ID/iCloud account with a YubiKey. See our YubiKey guide
  2. Open Theya app — Launch the Theya app on your iPhone
  3. Create new vault — Select "Create New Vault" and choose your vault type (single-key or multisig)
  4. Add recovery key (for multisig) — If creating multisig, Theya will first add your recovery key
  5. Select "This Phone" — Choose your phone as one of the keys
  6. Authenticate — Use FaceID or your phone's passcode to create the key
  7. Back up to iCloud Keychain — When prompted, enable iCloud Keychain backup (highly recommended)
  8. Continue vault setup — Add additional keys if creating a multisig vault

The entire process takes just a few minutes. Watch the Theya mobile key setup video for a visual walkthrough.

💡

During onboarding: Your Bitcoin Adviser will guide you through mobile key setup as part of your collaborative security vault creation. We'll ensure everything is configured correctly and securely.

When to Use a Mobile Key

Mobile keys are ideal for certain use cases:

✅ Good Use Cases

  • Convenience in multisig setups
  • Regular transactions or daily use
  • Small to moderate amounts (in multisig)
  • Quick access for beneficiaries
  • Backup/recovery key in larger multisig

❌ Not Recommended For

  • Large single-key vaults
  • Very significant holdings (use hardware device)
  • Long-term cold storage only
  • Without iCloud Keychain backup
  • Without securing iCloud with YubiKey

Recommended Approach

Use mobile keys as part of a multisig setup for the best balance of convenience and security:

  • Mobile key provides convenience for regular use
  • Hardware device provides additional security layer
  • Multisig structure eliminates single points of failure
  • Recovery is possible even if one key is lost

This is exactly how we structure collaborative security vaults—multiple keys working together to provide both convenience and strong protection.

Common Questions

What if I lose my phone?

If you're using multisig, your Bitcoin is protected by other keys. If single-key, recover from iCloud Keychain backup. See the "What to Do If You Lose Your Phone" section above.

Is iCloud Keychain backup secure?

Yes, if your iCloud account is secured with YubiKey. The backup is encrypted and protected by your Apple ID. This is why securing iCloud with hardware authentication is critical.

Can I use a mobile key without iCloud backup?

Technically yes, but not recommended. Without backup, losing your phone means losing access permanently (in single-key setups). Always back up to iCloud Keychain.

What about Android devices?

Theya supports Android devices with similar security features. Android's secure element provides similar protection to iOS Secure Enclave. Backup options may vary.

Can I have multiple mobile keys?

Yes, in a multisig vault you can have multiple mobile keys (e.g., your phone and a cosigner's phone). Each provides its own key in the multisig setup.

Is a mobile key less secure than a hardware device?

Mobile keys are convenient but rely on device and cloud security. Hardware devices are more secure but less convenient. In multisig, both work well together—mobile for convenience, hardware for additional security.

Estate Planning Considerations

Your Estate Plan Protocol should document your mobile key setup:

What to Document

  • Which vaults use mobile keys — List all vaults that include a mobile key
  • Device information — Phone model, Apple ID/Google account used
  • iCloud Keychain backup status — Confirmation that backup is enabled
  • Recovery process — How beneficiaries can recover if phone is lost
  • iCloud account security — That Apple ID is secured with YubiKey
  • Alternative access methods — Other keys in multisig setups

We document all of this in your Estate Plan Protocol during onboarding. Your beneficiaries will have clear instructions on how to access Bitcoin stored with mobile keys.

How The Bitcoin Adviser Helps

We provide comprehensive support for mobile key setup and management:

  • Guidance on mobile key use — When mobile keys are appropriate vs. hardware devices
  • iCloud security setup — Help securing your Apple ID with YubiKey before creating mobile keys
  • Vault integration — Setting up mobile keys as part of your collaborative security vault
  • Backup verification — Ensuring iCloud Keychain backup is configured correctly
  • Recovery planning — What to do if your phone is lost or stolen
  • Documentation — Mobile key details included in your Estate Plan Protocol
  • Ongoing assistance — Questions about your mobile key? Your adviser is always available

✅

You're never alone. From choosing whether to use a mobile key to setting it up securely to recovering from loss, your dedicated Bitcoin Adviser is here to help every step of the way.

Get Help with Mobile Key Setup

We can guide you through securing your iCloud account with YubiKey, setting up mobile keys in your collaborative security vault, configuring backups, and documenting everything for your estate plan.

Already a client? Reach out to your adviser directly to schedule a session.
Not yet a client? Book a consultation to learn how we can help.

Educational only — no financial, tax, or legal advice. Seek appropriate licensed professionals where required. Mobile key recommendations are based on Theya documentation and our experience with collaborative security setups.