Blockchain phones are coming, that much is certain. The Sirin Labs Finney and the HTC Exodus are both expected by the end of the year, each with its own, sometimes vaguely defined, sense of what exactly that term means. HTC’s Phil Chen, who spearheaded Exodus development, has at least started to fill in the blanks of how the Exodus will pull off its most important trick: keeping your cryptocurrency safe.

The Exodus has loftier ambitions than mere storage, of course. “A few years down the road, we see a world where people own their own identities and data, where everyone understands the concept and economics of digital property,” says Chen, HTC's decentralized chief officer. For the moment, though, the primary concern for the Exodus’s intended audience is how well it works as a hardware wallet.

That had, until now, been a bit of a question mark. After all, a smartphone seems like an inopportune place to stash digital currency. Android phones, in particular, present inherent security risks, subject to a wide assortment of malware and other targeted threats. Smartphones also, as you may be personally and painfully aware, tend to get lost or stolen, at least more than is ideal for what aspires to be a digital bank vault.

In fact, even the mere act of connecting to the internet goes too far for protective cryptocurrency investors, who prefer to keep their assets in so-called cold storage wallets, which remain entirely offline. If anything, cryptocurrency storage has trended toward that extreme, with some deep-pocketed enthusiasts opting for physical vaults with Faraday cage surrounds.

By contrast, putting your cryptocurrency—more specifically, the private keys required to access it—in an Android phone might seem the equivalent of stashing your money not under the mattress but neatly on top of it, and then placing that mattress on a fairly busy street corner.

“Phones are very promiscuous in the sense that they transfer a lot of data, they connect to a lot of networks, we install third-party apps on them. They can be made relatively secure, but they’re not the safest thing to carry around a lot of money,” says Matthew Green, a cryptographer at Johns Hopkins University who is affiliated with a privacy-focused cryptocurrency called Zcash. “And if you’re not carrying a lot of money, you don’t need a special phone.”

And yet tens of millions of people already use software wallets, Chen says, tied to centralized exchanges like Coinbase. “What’s obvious in the old internet model, is centralized cloud systems are very hackable,” says Chen. “Centralized honeypots are continually hacked. The concentration of data in walled gardens increases the cost of security.”

The HTC Exodus aims instead for something of a compromise. It isn’t quite cold storage, but at least it empowers users by allowing them to hold their own keys. It does so by placing them in a so-called trusted execution environment, a part of an ARM chip called TrustZone. The secure enclave sits apart from the operating system, designed to inoculate precious cargo even in the event of a broader breach. Think of it as a smartphone’s panic room.

The concept of a secure enclave isn’t new; Intel has offered one for PCs for some time, and Apple uses one to protect the biometric data—your fingerprint and face—that it uses to unlock the iPhone. Even TrustZone has been around for years, commonly used by studios and such to lock down DRM-protected content.

It’s as good an answer as any right now, and preferable to HTC attempting to build its own solution from the ground up. But TrustZone isn’t a security panacea. “If somebody claims something is secure, a lot of people try to poke into it,” says Simha Sethumadhavan, a computer scientist at Columbia University. “Over the years there have been several attacks on TrustZone.”

That includes one from Sethumadhavan, who along with coauthors Adrian Tang and Salvatore Stolfo published research last year detailing how to not just break TrustZone security but alter the code that’s running in the secure environment.