So can you tell us what exactly is stored on the actual Cypherock device?
There must be some data and information about accounts, history, transactions, so I wonder whether that is stored on the device or also on the cards?
1. The device is the processing house to provide coin-specific functionality. The permanent storage of all the account secrets is on the cards. To provide some authenticity check, the device stores private keys of its own in the Secure chip (ATECC). Apart from that, the device also stores some session keys specific to enable a secure execution environment.
2. The device has access to the PIN (and its subsequent hash) only for a short duration (one session) of time in its RAM. No information about the PIN is stored on the device. Whenever a user enters the PIN, it is erased right after it's used. The cards store the double hash of the PIN permanently to provide an authentication mechanism whenever someone tries to access the user data on the card. The storage of the PIN digest on the card is fully managed by JCOP OS, which is EAL 5+ certified and provides in-built safety even from side-channel attacks.
3. If the user has set a PIN, then the shard is first encrypted and then stored in the NVM. If there is no PIN, the shard is stored as it is. The decryption is done using the first hash of the PIN. The handling of the PIN is unaffected by this behaviour since the nonce for encryption is stored on the cards. The nonce for encryption acts as salt for the encryption along with the hash of the PIN.
4. Information about accounts, history, and transactions is never stored on the device or cards. It is only available with the desktop companion (CySync) application.
I get the point that you wanted to achieve simplification with PIN code, but watching all Cypherock review videos I still think it's a bit complicated to handle and tap all those cards multiple times.
I agree that these are minor UX issues at this point. This is what we are currently solving at the moment. This will get improved in another month.
A few more negative things I noticed about the Cypherock X1 that I want to see added in the future: there is no support for Multisig, no support for a full Bitcoin node, no signing of messages, only one account per coin, and no coin control.
I can understand. These are things that are part of the roadmap already.
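
The PIN handling described in points 2 and 3 above, sketched as an added example that is not part of the original posts and is not Cypherock's code. Assumptions: SHA-256 stands in for the unnamed hash, a SHA-256 counter-mode keystream stands in for the unnamed cipher, and the hypothetical `Card` class folds the device-side hashing and the card-side storage into one object.

```python
import hashlib
import hmac
import os

def h(data):
    # Assumption: SHA-256; the post does not name the hash function.
    return hashlib.sha256(data).digest()

def keystream_xor(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode) so this runs on the standard
    # library alone; the post does not say which cipher the product uses.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = h(key + nonce + (i // 32).to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Card:
    """Hypothetical model of what one card keeps in non-volatile memory."""

    def __init__(self, shard, pin=None):
        self.nonce = None
        self.pin_double_hash = None
        self.stored = shard                     # no PIN: shard stored as it is
        if pin is not None:
            first = h(pin.encode())             # first hash: the encryption key
            self.pin_double_hash = h(first)     # double hash: only PIN data kept
            self.nonce = os.urandom(16)         # nonce is stored on the card
            self.stored = keystream_xor(first, self.nonce, shard)

    def read_shard(self, pin=None):
        if self.pin_double_hash is None:
            return self.stored
        first = h((pin or "").encode())
        # Authenticate against the stored double hash in constant time.
        if not hmac.compare_digest(h(first), self.pin_double_hash):
            raise PermissionError("PIN verification failed")
        # The first hash never touched storage; it exists only for this call.
        return keystream_xor(first, self.nonce, self.stored)

SHARD = bytes(range(48))  # constructed sample shard, not real key material
```

The stored verifier is the hash of the key rather than the key itself, so reading the card's PIN digest does not directly yield the value that decrypts the shard.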