SECURITY · NATIVE DESKTOP

Security architecture.

MyAlgo runs as a native desktop application. Keys are generated and stored locally. Review the architecture and the threat model below.

Local key storage · Ledger compatible · No telemetry

MyAlgo Wallet's security architecture is native desktop with local key storage. The application runs as a standalone process on Windows, macOS, and Linux; private keys are generated and stored on the user's device using each operating system's credential store. Hardware wallet integration (Ledger Nano S Plus, Nano X) is supported for accounts where hardware-secured signing is preferred. The wallet does not collect identifying telemetry, transmit user data, or maintain server-side credentials. Vulnerabilities can be disclosed responsibly via security@myalgowallet.org.

Architecture overview.

MyAlgo is a native desktop application. The application runs as a standalone process on the user's operating system — separate from the browser, separate from every other application. Private keys are generated locally during initial wallet setup, encrypted, and stored using each operating system's standard credential store: Windows Credential Vault on Windows, macOS Keychain on macOS, and Linux Secret Service (libsecret) on Linux. The seed phrase is shown once during wallet creation; afterward, it is the user's responsibility to store it securely offline. MyAlgo never sees, transmits, or has any way to retrieve the seed phrase. When a transaction is signed, the signing operation occurs entirely within the application's process memory; the signed transaction is then broadcast to the Algorand network via the application's connection to a public Algorand node. The unsigned transaction never leaves the device. The signed transaction broadcast carries only what the Algorand network requires for validation: the signature, the transaction body, and the network metadata. No user identity, device fingerprint, or behavioral analytics is included.

What native architecture means in practice.

A native desktop application has a different attack surface than a web wallet. Web wallets run inside a browser tab. The browser's runtime is shared across every other tab the user has open. A malicious script in any tab — including ones the user is not actively interacting with — can attempt to read sensitive memory, intercept signing flows, or inject UI elements that capture credentials. This vector is not theoretical; the 2023 Algorand wallet incident that prompted significant ecosystem migration was a JavaScript injection attack on a web wallet. Native desktop applications have no shared browser runtime. Each application runs in its own process. For a malicious actor to read MyAlgo's memory or intercept its operations, they would need to compromise the user's operating system itself — a meaningfully harder attack than compromising a single browser tab. This architectural choice is the primary security differentiator of native desktop wallets in 2026. The trade-off is a download-and-install step that web wallets avoid; the security gain is the elimination of a major attack vector.

Hardware wallet integration.

MyAlgo supports the Ledger Nano S Plus and Ledger Nano X. With a hardware wallet connected, private keys never reside on the desktop computer at all. The hardware device generates and stores the keys; signing operations happen on-device using the Algorand application installed on the Ledger. MyAlgo serves as the interface for constructing transactions and reading account state. For high-value accounts, hardware wallet usage is the recommended configuration. The setup walkthrough is documented on the hardware wallet integration page.

Network connections and data minimization.

MyAlgo connects to the Algorand network for read operations (account balance, transaction history, asset information) and write operations (transaction broadcast). The default network endpoints are public Algorand nodes (algonode.io and the official Algorand Foundation indexer). Users can configure custom endpoints in the application settings, including their own self-hosted node. The application does not contact any non-Algorand servers as part of normal operation. There is no analytics endpoint, no telemetry collection, no remote configuration, and no auto-update server beyond the user-initiated download from myalgowallet.org.
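
One way to check the endpoint claim above from the outside: audit a log of the wallet's outbound destinations against an allowlist. This is an added example, not MyAlgo's own code; the log format, the process name, every hostname other than algonode.io, and the local custom endpoint are constructed assumptions.

```python
from urllib.parse import urlsplit

# algonode.io is the default named on the page. The page gives no hostname for
# the Algorand Foundation indexer, so add it here from your own settings.
DEFAULT_DOMAINS = ("algonode.io",)

# Constructed sample: "<timestamp> <process> <host:port>" (assumed log format).
SAMPLE_LOG = """\
2026-01-10T12:00:01Z wallet node.algonode.io:443
2026-01-10T12:00:02Z wallet 127.0.0.1:8080
2026-01-10T12:00:03Z wallet algonode.io.cdn.example:443
2026-01-10T12:00:04Z wallet notalgonode.io:443
2026-01-10T12:00:05Z wallet NODE.ALGONODE.IO.:443
"""

def host_of(endpoint):
    """Hostname from a URL or bare host[:port], lowercased, no trailing dot."""
    if "://" not in endpoint:
        endpoint = "//" + endpoint
    return (urlsplit(endpoint).hostname or "").rstrip(".")

def is_allowed(host, custom_hosts=()):
    """Allow default domains and subdomains; custom hosts must match exactly."""
    if host in custom_hosts:
        return True
    # Match on a label boundary so "notalgonode.io" and
    # "algonode.io.cdn.example" are not mistaken for algonode.io.
    return any(host == d or host.endswith("." + d) for d in DEFAULT_DOMAINS)

def audit(log_lines, custom_endpoints=()):
    """Return (line_number, host) for every destination outside the allowlist."""
    custom_hosts = {host_of(e) for e in custom_endpoints}
    findings = []
    for n, line in enumerate(log_lines, start=1):
        fields = line.split()
        if not fields:
            continue  # blank line
        host = host_of(fields[2]) if len(fields) == 3 else ""
        if not host:
            findings.append((n, "<unparsed>"))  # never skip silently in an audit
        elif not is_allowed(host, custom_hosts):
            findings.append((n, host))
    return findings

if __name__ == "__main__":
    for n, host in audit(SAMPLE_LOG.splitlines(), ["http://127.0.0.1:8080"]):
        print(f"line {n}: unexpected destination {host}")
```

Feed it destinations captured by a DNS or proxy log for the wallet process; any finding contradicts the "Algorand endpoints only" claim and is worth investigating.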

Responsible disclosure.

Researchers who identify issues are asked to report directly to security@myalgowallet.org with a clear description, reproduction steps, and the affected version. Researchers are credited in security advisories with their permission. Please use responsible disclosure (notify us before going public) so users can take protective action before details are widely known.

Security FAQ.

Is MyAlgo Wallet safe to use?
Native desktop architecture, local key storage, no browser session. Hardware wallet (Ledger) supported. Safety also depends on user practices: secure seed storage, avoid malicious downloads, use hardware for high-value accounts.

How does native architecture differ from web wallets?
Native runs as a standalone process. Web wallets share runtime with every browser tab — malicious scripts in any tab can attack signing flows. Native eliminates that vector.

Is MyAlgo open source?
Partially. Open-source components are linked from this page when published.

Where are my keys stored?
On your device. Encrypted, in the OS credential store: Windows Credential Vault, macOS Keychain, Linux Secret Service. MyAlgo never sees or transmits your keys.

Does MyAlgo collect telemetry?
No identifying telemetry. The app contacts only Algorand network endpoints for blockchain queries. No user identity, device fingerprint, or behavioral analytics is collected.

What if I find a vulnerability?
Email security@myalgowallet.org with description and reproduction steps. Researchers credited (with permission) in security advisories.

Download MyAlgo.

Signed installers · Direct from myalgowallet.org
