Embedded Wallets and Key Custody for Onchain Mobile Apps: What You Need to Know

Embedded wallets have simplified onchain onboarding by removing the need to connect external wallets or save complicated seed phrases. However, choosing the right embedded wallet provider for your mobile app requires careful consideration—and custody is one of the most critical factors. Who controls and owns the keys to the embedded wallet? This blog breaks down the different types of embedded wallets available today and explains how custody decisions impact both developers and their users.

Developers integrating embedded wallets for mobile apps have several options, each with distinct benefits and trade-offs. Here’s a quick TL;DR:

Smart Contract Wallets: Embedded wallets with built-in support for ERC-4337 features.

• Pros: Simplifies user experience with features like embedded wallets, gasless transactions, and gas fee optimization in one package.

• Cons: Relies on third-party key custody, fees for deploying and maintaining active wallets, cross-chain support requires additional wallets to be deployed.

WaaS (Wallet as a Service): Managed solutions for onboarding users with just a username or email, utilizing MPC.

• Pros: Easy integration into your app and simplifies recovery for users by leveraging trusted third-party services for transaction signing and recovery.

• Cons: Shares many limitations of third-party custody, including fees, data lock-in, and potential censorship.

Direct Self-Custody: Equips users with embedded wallets via EOAs (Externally Owned Accounts) directly on their device—RallyProtocol’s approach.

• Pros: Permissionless, full developer-sovereignty, cost-free, and cross-chain compatible. Users own their keys, and wallets are created on-device.

• Cons: Requires a small additional setup to enable ERC-4337 features like gasless transactions.

For mobile-first developers, the choice of custody has a significant impact—not only on user experience but also on control, cost, and scalability.

Using third parties for key management through Smart Contract Wallets or WaaS may be convenient for both developers and users, but there are potential drawbacks developers should consider:

1. Loss of Control: Neither developers nor users own the keys to the wallet. The third-party that custodies the keys has the power to close or restrict wallets without developer or user consent.

2. Reliance on Centralized Services: Any outage or security breach at the third-party level affects your app and users—even if your own stack is secure.

3. Recurring Costs: Wallet providers often charge for active wallets, and additional fees for premium features could be introduced in the future.

4. Data Ownership Issues: Developers do not own their users’ wallet data or the associated social graphs. The third party effectively "owns" the wallets created through their service.

In contrast, enabling direct self-custody ensures both developers and users retain full control over their wallets and data. With embedded wallets powered by EOAs and secured by device-level encryption, developers unlock several advantages:

1. Full User Sovereignty: Users—and only users—own their wallets and keys on-device encrypted by the secure enclave. Developers don’t need to rely on third-party custody services.

2. Permissionless Control: Developers can create wallets instantly without requiring third-party accounts or permissions, enabling frictionless scaling.

3. No Hidden Costs: Unlike Smart Contract Wallets or WaaS, there are no ongoing fees for wallet creation or use.

4. Data Ownership: Developers retain access to user wallet data and social graphs. Builders who create value can fully own it by leveraging permissionless, open-source tools.

With RallyProtocol’s approach, developers can provide embedded wallets directly from their apps, taking full control of the user experience while eliminating third-party dependencies. Here’s how RallyProtocol aligns with the needs of mobile-first developers:

• Built for Mobile Developers: Designed natively for mobile, embedded wallets integrate seamlessly into onchain mobile apps, removing the need for external wallet apps or extensions.

• Gasless Transaction Support: While self-custody wallets require some setup for advanced features like gasless transactions, RallyProtocol provides tools to streamline implementation, empowering you to own your gasless transaction stack.

• Developer-Centric Tools: RallyProtocol empowers developers to build truly open and permissionless applications, ensuring flexibility and scalability without compromise. Check out our github.

For example, a developer creating an onchain mobile game can use RallyProtocol to instantly equip users with embedded wallets under the hood, have users claim NFTs gaslessly, and never lose control of the app’s onchain user experience—all without relying on third parties.

For developers who prioritize having full control, cost efficiency, and mobile-first experiences, direct self-custody is the way forward. RallyProtocol simplifies the process, giving you the tools to innovate while retaining the value that you create. By aligning custody decisions with the principles of permissionless and open development, developers can create better user experiences while maintaining control over their ecosystems.

RallyProtocol is an open and permissionless onchain mobile toolkit that features embedded wallets and gasless transactions. Our mission is to enable developers to create seamless, end-to-end onchain experiences for native mobile apps while ensuring self-custody, security, and full developer sovereignty. Whether you're building an iOS or Android app in Flutter, Unity, React Native, Expo, Swift, or Kotlin, our tools empower developers to create better onchain mobile experiences quickly and easily.

Want to learn more? Dive into our developer documentation here.