Discovery & threat model
Threat model (custody, key handling, payment-card scope), feature inventory mapping web to mobile, KYC posture review, GDPR + CCPA data-handling mapping.
Case study · FinTech · Crypto · Mobile
Crypto Wallet — Flutter iOS + Android companion for a custodial platform
How we shipped a production mobile companion app for a custodial crypto platform — native iOS and Android clients on a single Flutter codebase, biometric unlock, P2P transfers, a built-in fiat-crypto bridge, and an audit-ready posture that holds up to GDPR and CCPA scrutiny across the United States and the European Union.
The brief — mobile that respects how crypto users actually behave
The client ran a custodial crypto platform with a working web frontend and a backend that already processed real money. What was missing was a mobile experience — and the buyer pool for crypto in the United States and the European Union is almost entirely mobile-first. The challenge was not building a wallet from scratch: the keys, the custody, and the order matching already existed. The challenge was transferring complex financial logic from web to mobile without losing the precision the web product had earned, while delivering a UX that hides every gram of crypto complexity behind a bank-app-grade interface. We chose Flutter for the mobile clients, kept the existing Laravel backend as the system of record, and built six core flows in parallel: registration with KYC, asset management, P2P transfers, fiat-crypto bridge, in-app exchanger, and a transaction history that survives any auditor’s scrutiny.
Project highlights
Single Flutter codebase — iOS + Android
Native StoreKit + Play Billing bridges
Biometric unlock with PIN fallback
Real-time WebSocket exchange rates
P2P transfers with QR + deep link
Fiat-crypto bridge via card gateway
Built-in exchanger at live mid-market rate
GDPR + CCPA-aligned data handling
By the numbers
A snapshot of what the Crypto Wallet Companion App build delivered across web, mobile, and back-office systems in its first production cycle.
2native platforms — iOS and Android, one Flutter codebase
6core user flows shipped — registration, balances, P2P, fiat bridge, exchanger, history
5 mofrom kickoff to both stores live — full delivery cycle
0private keys on the mobile device — custody stays on the hardened backend
60 fpstypical chart-rendering on a $200 mid-tier Android device via Skia
$120k–$280ktypical crypto wallet companion app MVP delivery range
Why a native mobile companion to the existing web platform
The client already had a working web platform and a backend that powered it — what they did not have was a mobile experience that respected how crypto users actually behave. Crypto buyers in the United States and the European Union live on their phones: they check balances during commute windows, react to volatility from the couch, and rarely sit at a desktop browser. A mobile web shim was tested early and discarded — the latency, the share-sheet integrations, and the biometric-unlock flows all suffered against a native build.
We chose Flutter for the mobile clients. A single Dart codebase ships iOS and Android with consistent pixel-perfect rendering, hot-reload speeds the design-engineering loop, and the platform-channel escape hatch keeps native StoreKit, Google Pay, and biometric APIs reachable when needed. The Laravel backend that already served the web platform served the mobile clients without a rewrite — a typed REST contract was the only addition.
| Dimension | Flutter (chosen) | React Native | Native iOS + Android |
|---|---|---|---|
| Codebases to ship | One Dart codebase | One JS codebase + native modules | Two independent codebases |
| Rendering pipeline | Skia — pixel-consistent on both platforms | Native widgets bridged over JS | Each platform’s native widget set |
| Crypto-chart performance | 60 fps on a $200 mid-tier Android device | Bridge-bound on heavy redraws | Native — ceiling depends on team skill |
| Time-to-market on both stores | ~5 months for a multi-feature MVP | ~5–6 months — similar | 7–10 months — double the team |
| StoreKit / Google Play Billing | Available via platform channels | Available via native modules | First-class native APIs |
| Biometric unlock | local_auth plugin — mature | react-native-biometrics | LocalAuthentication / BiometricPrompt |
| Team economics | One Flutter pair ships both stores | One RN pair — similar | Two dedicated teams — expensive |
References: Flutter, Apple StoreKit, Google Play Billing.
iOS build — Flutter, biometric unlock, and the asset dashboard
The iOS client wraps the Flutter binary in a thin Swift host that handles biometric unlock through LocalAuthentication, store IAP through StoreKit, and deep links from Safari, Mail, and shared messages. The unlock flow is biometric-first: Face ID or Touch ID on launch, with a six-digit PIN fallback that itself rate-limits aggressively. A single failure does not log the user out, but five within ten minutes wipe the in-memory session keys and force a full re-authentication.
The asset dashboard is the home screen of the iOS app: per-currency balance cards, total portfolio value at the top, and a single tap into per-asset detail with a price chart and a transaction history view. Live exchange rates are streamed over a long-lived WebSocket to the Laravel backend, with a fall-back HTTP poll on networks that block WebSockets (a real concern on hotel and conference Wi-Fi in both US and EU venues). Input fields for transfer amounts validate against the user’s actual balance, the network minimum, and the asset’s decimal precision before the “send” button ever enables — you cannot accidentally send 0.000000001 BTC because of a keypad slip. This is the same level of detail we apply to every mobile app development project where money is on the line.
Android build — Flutter, P2P transfers, and live conversion
The Android client is the same Flutter binary fronted by a thin Kotlin host that handles BiometricPrompt, Google Play Billing, and the Android share intent. Battery-optimizer behavior on Samsung, Xiaomi, OnePlus, and Pixel device families was tuned per-OEM during QA — the WebSocket reconnect timing and the foreground-notification policy differ enough that the “works on a Pixel” build did not actually work on a Xiaomi until the per-OEM matrix was filled in.
Peer-to-peer transfers are the social heart of the app. A user can send funds to another user by username, by QR code scanned from a paper printout or another phone screen, or by deep link shared through any messenger. The flow looks bank-like on purpose: enter amount, pick recipient, biometric confirm, real-time status tracking from “submitted” through “confirmed on chain”. A small built-in exchanger lets the user convert between supported assets at the live mid-market rate with a transparent fee disclosure on the confirmation screen — no surprises, no hidden spread. The same engineering team carries iOS and Android in lockstep as part of our iOS and Android engineering practice.
Architecture, threat model, and audit-ready posture
A crypto wallet companion app is a threat-rich product even when it never holds funds directly. The wallet’s job is to be the visible surface of a custodial backend — balances, transfers, deposits, withdrawals — without ever exposing private keys to the mobile device. Private keys live on the backend in hardware-isolated key vaults; the mobile app receives short-lived bearer tokens that authorize specific operations, and every operation that moves money requires a fresh biometric confirmation regardless of how recently the user authenticated.
Card-linked deposits and withdrawals go through a payment gateway that handles PCI-scope: the mobile app never sees a primary account number, only a tokenized representation of the user’s saved card. KYC documents collected at onboarding are stored in an encrypted blob store with access logged for audit, and the data-retention schedule is aligned with GDPR obligations for users in the European Union and CCPA / CPRA obligations for users in California and the broader United States.
Compliance posture: GDPR-aligned · ISO 27001 ready · SOC 2 Type II in progress · HIPAA-capable · CCPA-acknowledged.
Delivery methodology
A five-phase build that took the crypto wallet companion app from product specification to both stores live across the United States and the European Union.
Architecture & API contract
Flutter project structure, typed REST contract against the existing Laravel backend, WebSocket rate-streaming, biometric unlock and PIN fallback flows.
Platform builds
Six core flows in parallel — registration with KYC, asset dashboard, P2P transfers, fiat-crypto bridge, in-app exchanger, transaction history.
Audit-ready hardening
Per-OEM Android battery-optimizer matrix, biometric re-authentication on every money-moving action, payment-gateway PCI-scope isolation, in-memory key handling QA.
Launch & telemetry
App Store and Google Play submission across US and EU storefronts, real-user-monitoring rollout, support handoff, GDPR + CCPA compliance documentation.
Live rates, the in-app exchanger, and the entitlement bridge
The in-app exchanger is the smallest of the six core flows but the one that earns the most goodwill day to day. A user looking at a Bitcoin balance can swap a slice of it into Ethereum or stablecoin without leaving the app, at the live mid-market rate, with a transparent fee disclosure that itemizes the spread and the gas estimate before the user confirms. The flow runs against the same Laravel order-matching service the web platform uses, which means liquidity is shared and quotes are consistent across web and mobile. Entitlement to the exchanger — and to higher transaction limits, fiat withdrawals, and certain assets — is gated by the user’s completed KYC tier, which the mobile app reads from the backend on every session start. A user who completes KYC on the web platform sees their tier upgrade reflect on mobile within a minute, and a user who starts KYC on mobile completes it through a document-upload flow that uses the native camera with on-device OCR for client-side validation before the document ever leaves the device. The whole subsystem was built with extensibility in mind: adding a new asset, a new fiat currency, a new payment gateway, or a new KYC tier is a configuration change against the entitlement service, not a code release.
Launching across the United States and the European Union
The crypto wallet companion app launched on Apple App Store and Google Play with storefronts active across the United States and the European Union. The English-language build serves users in California, New York, Texas, Florida, and Washington in the US, and users in the Netherlands, Germany, France, Ireland, and Sweden in the EU, without a separate codebase per region. Consent flows are region-aware at the client layer: users in the EU and EEA receive a GDPR-style granular consent screen with separate toggles for any optional product analytics; users in California receive a CCPA-style “Do Not Sell or Share My Personal Information” disclosure in the same flow. Data-handling practices are aligned with GDPR for European users and with the US state-privacy patchwork — CCPA / CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), TDPSA (Texas), and Oregon CPA. Crypto-specific disclosures around volatility, custody, and tax-reporting reach are surfaced at onboarding rather than buried in a terms-of-service link.
The backend was already live for the web product, so the mobile launch reused the existing fleet across EU and US data centers — nodes in the Netherlands, Germany, France, Sweden, and Ireland for EU coverage; US East and US West for North America — with per-region traffic routing inherited from the web platform. Both the App Store age rating and the Google Play content rating were calibrated for the financial-app category, and the in-app privacy policy was drafted to document the architecture above, citing GDPR obligations and California CCPA obligations directly. The engineering team behind the build sits across CET and runs a CET workday with East-Coast US overlap (9 AM–1 PM ET) for stand-ups, store-review choreography, and incident response — the timezone window that lets a US product team and an EU engineering team share four hours of live overlap every day.
Tech stack and roadmap
Flutter
Dart
Swift
Kotlin
Laravel
PHP
PostgreSQL
Redis
WebSocket
LocalAuthentication
BiometricPrompt
Apple StoreKit
Google Play Billing
Docker
Kubernetes
Terraform
Prometheus
Grafana
The active custom software development roadmap for the wallet includes a hardware-wallet pairing flow for self-custody users, a push-notification price-alert subsystem, a multi-account “profiles” feature for users who split personal and trading wallets, and a desktop client built on Flutter for desktop to share business logic with the mobile codebase. Deeper KYC tiers are planned for US and EU institutional users, with the entitlement subsystem already structured for tier-based feature gating. Infrastructure plans include further backend automation and an internal continuous-verification harness for the custody plane under the cloud & DevOps roadmap.
Build a crypto wallet companion app — talk to us
If you are planning a crypto wallet, a custodial mobile companion app, or any FinTech mobile build where biometric posture and audit-readiness have to coexist with a bank-app-grade UX for audiences in the US and EU, we have shipped this stack end to end and can compress the build timeline meaningfully. The reference build is documented at case reference, and the engineering team behind it sits inside YuSMP Group. We work fixed-price for well-scoped MVPs and on dedicated development teams for ongoing delivery, with a CET workday and a guaranteed East-Coast US overlap (9 AM–1 PM ET) window for stand-ups, demos, and incident response.
Frequently asked questions
How much does it cost to build a crypto wallet mobile companion app like Coinbase or Crypto.com?
A focused crypto-wallet companion MVP covering iOS and Android clients on Flutter, biometric unlock, balance dashboard, P2P transfers, and store submissions typically costs $120k–$280k. Adding a fiat-crypto bridge with card gateway, in-app exchanger, multi-tier KYC, hardware-wallet pairing, and audit-ready data-handling brings a full-featured product to $320k–$680k. The dominant cost drivers are the per-OEM Android matrix work, the payment-gateway PCI-scope isolation, and the App Store and Google Play financial-app review choreography around custody disclosures.
Why use Flutter instead of React Native or full native for a crypto wallet?
Flutter ships iOS and Android from one Dart codebase with pixel-consistent rendering via Skia, which matters when crypto charts have to render at 60 fps on a $200 mid-tier Android device. The platform-channel escape hatch keeps native StoreKit, Google Play Billing, and biometric APIs reachable when needed. React Native is a reasonable alternative with similar team economics; full native iOS plus Android typically doubles the team and roughly doubles the timeline. For a wallet companion app where the backend already exists, Flutter is the lower-risk choice.
How do you keep private keys safe in a custodial mobile wallet?
The mobile app never sees private keys. Keys live on the backend in hardware-isolated key vaults with access logged for audit, and the mobile client only ever receives short-lived bearer tokens that authorize specific operations. Every money-moving action requires a fresh biometric confirmation regardless of how recently the user authenticated, and a failed-biometric streak wipes the in-memory session state. Determined attackers with full device access can still social-engineer a biometric, but the custodial model puts the high-value compromise behind the backend, not the phone.
What are the App Store and Google Play rules for a crypto app?
Apple requires crypto apps to comply with the financial-services category, disclose custody and volatility risk in-product, and use StoreKit for any in-app purchases of non-crypto value. Google Play requires equivalent disclosures, declares the financial-app purpose prominently, and passes additional permissions review. Both stores require functional KYC for fiat on-ramps, a transparent disclosure of any data collection, and — for apps serving EU and California users — a granular consent mechanism that satisfies GDPR and CCPA / CPRA in the same flow.
How long does it take to ship a crypto wallet companion app on iOS and Android?
A focused MVP with Flutter clients, biometric unlock, asset dashboard, P2P transfers, and both store submissions typically takes 16–22 weeks. Adding a fiat-crypto bridge with card gateway, in-app exchanger, multi-tier KYC, and a per-OEM Android battery-optimizer matrix adds 6–10 weeks. The audit-ready hardening pass — payment-gateway PCI-scope isolation, biometric re-authentication QA, custody-plane threat modeling — is frequently underestimated and should be budgeted at 4–6 weeks of dedicated work.
Related cases
More platform builds
Blockchain · Crypto
Cyber Token
End-to-end ERC-20 token launch — Solidity contract, security audit, exchange listings, MetaMask checkout.
View case → Crypto · FinTechEverCoin Bank
Unified crypto-ecosystem hub aggregating multiple tokens — live exchange data, charts, direct purchase entry point.
View case → FinTech · e-SignatureSignatory Pro
Cross-platform e-signature product with audit-ready posture, US + EU launch, GDPR + CCPA alignment.
View case →