Message Signing (EIP-191/EIP-712) in Mobile Wallet

NOVASOLUTIONS.TECHNOLOGY is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
Message Signing (EIP-191/EIP-712) in Mobile Wallet
Medium
~2-3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1054
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

Message Signing Implementation (EIP-191/EIP-712) in Mobile Wallet

Message signing — not transaction signing. User confirms arbitrary payload: login to dApp, off-chain DEX order, token transfer approval. Wrong implementation means signature for "harmless" message can be reused for unwanted action.

EIP-191 vs EIP-712 — Practical Difference

EIP-191 — basic standard. Personal sign adds prefix "\x19Ethereum Signed Message:\n" + len(message) before hashing. Protects from replay: raw message signature can't be reused as transaction signature because formats differ.

keccak256("\x19Ethereum Signed Message:\n" + message.length + message)

EIP-712 — structured data. Instead of string, sign typed structure:

keccak256("\x19\x01" + domainSeparator + hashStruct(message))

domainSeparator includes chainId, verifyingContract, name — binds signature to specific contract and network. Signature for contract A on Ethereum mainnet won't be accepted by contract B or testnet.

EIP-712 Implementation on Mobile

Complexity in correctly hashing structures. hashStruct recursive — nested types hash separately. Common mistake — not including nested type in encodeType:

For structure:

Mail { Person from; Person to; string contents }
Person { address wallet; string name }

typeHash for Mail must include "Mail(Person from,Person to,string contents)Person(address wallet,string name)" — both types alphabetically with nested.

In React Native use @metamask/eth-sig-util or ethers.js v6 TypedDataEncoder. On Flutter — native plugin or web3dart with custom EIP-712 hasher (few ready solutions, write custom per spec).

UI for Message Signature

User must see what they sign. For EIP-712 — decoded structure with readable fields, not hex string. Minimum:

  • dApp name + domain from domain.name
  • Operation type from structure types
  • Key fields: addresses, amounts, deadline

MetaMask shows full structure tree. For mobile UI highlighting critical fields sufficient, rest under "Show Details" button.

Biometry / PIN before signing — mandatory like transactions.

Contract Verification

After mobile signing, contract must verify:

function verify(address signer, Mail calldata mail, bytes calldata signature) public view returns (bool) {
    bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
        keccak256("Mail(address from,address to,string contents)"),
        mail.from, mail.to,
        keccak256(bytes(mail.contents))
    )));
    return signer == ECDSA.recover(digest, signature);
}

Test compatibility: mobile signature → contract verification in Hardhat test. Only reliable way ensuring hashes match.

Timeline — 2–3 days: EIP-191 for personal sign, EIP-712 for specific structures, UI with decoding, biometric confirmation, contract test.