January 27, 2026
Ledger applications
Ledger app insights: deterministic key derivation, siloed app security, on-device signing - clear custody data for portfolio managers.
Hardware wallets manage cryptocurrencies through separate applications, one per coin or token, each installed from a companion manager on a host device. These apps perform a single vital job: they derive the private keys that control addresses, and they use those keys to verify receiving addresses and to sign transactions.

The private keys are generated deterministically from your 24-word recovery phrase and a derivation path that is specific to each asset. The derivation path is a simple numeric instruction that tells the device which branch of the key tree to compute for a given account or coin. All sensitive operations happen inside a dedicated secure element and under a locked operating environment, so the recovery phrase never leaves the device and raw private keys never reach the host. Public keys and addresses are derived from those private keys and are safe to share; signatures generated by the device prove ownership without exposing secrets.

Apps are strictly isolated from each other by the device operating system, so a flaw or compromise in one app cannot affect wallets for other assets. This isolation also enables vetted third-party development, because individual apps run in controlled silos rather than in a single monolithic firmware where a single bug might endanger every currency.

When a host application prepares a transaction, it sends the unsigned data to the hardware wallet, the wallet displays the intended outputs for independent review, and only after the user approves does the wallet sign the transaction internally and return the signature.

Uninstalling an app does not remove your crypto, because the recovery phrase and derivation path still produce the same private keys when the app is reinstalled; your funds remain tied to those deterministic keys, not to the presence of an app binary on the device.
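The determinism described above can be reproduced in a few lines. This is an added example, not code from the article or from any wallet vendor; it assumes the widely used BIP39/BIP32/BIP44 scheme (which the article does not name), uses the public all-zero-entropy test phrase, and derives only hardened path levels.

```python
import hashlib
import hmac

# secp256k1 group order; BIP32 child private keys are reduced modulo this value.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

def seed_from_phrase(phrase, passphrase=""):
    """BIP39: recovery phrase -> 64-byte seed. Wordlist and checksum
    validation are omitted; NFKD normalisation is a no-op for ASCII."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", phrase.encode(), salt, 2048)

def master_key(seed):
    """BIP32: seed -> (master private key as int, 32-byte chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain, index):
    """BIP32 private derivation for a hardened index (parent private key only)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    left = int.from_bytes(digest[:32], "big")
    child = (left + key) % N
    if left >= N or child == 0:  # BIP32 marks this (vanishingly rare) case invalid
        raise ValueError("invalid child key; use the next index")
    return child, digest[32:]

def parse_path(path):
    """Turn "m/44'/0'/0'" into [44, 0, 0]; reject non-hardened levels."""
    parts = path.split("/")
    if parts[0] != "m" or not all(p.endswith("'") for p in parts[1:]):
        raise ValueError("expected a hardened-only path such as m/44'/0'/0'")
    return [int(p[:-1]) for p in parts[1:]]

def derive(seed, path):
    """Walk the key tree from the seed along the path; return the key as hex."""
    key, chain = master_key(seed)
    for index in parse_path(path):
        key, chain = hardened_child(key, chain, index)
    return key.to_bytes(32, "big").hex()

if __name__ == "__main__":
    # Public 24-word test phrase (all-zero entropy); never use it for funds.
    seed = seed_from_phrase(" ".join(["abandon"] * 23 + ["art"]))
    first = derive(seed, "m/44'/0'/0'")            # coin type 0 (Bitcoin)
    print(first == derive(seed, "m/44'/0'/0'"))    # same phrase + path: same key
    print(first != derive(seed, "m/44'/60'/0'"))   # coin type 60 (Ethereum): new branch
```

Nothing in the derivation depends on which apps are installed, which is why reinstalling an app restores access to the same addresses.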
For security, keep the 24-word seed offline and backed up, use the correct derivation settings for each chain, and verify address and amount on the device screen before approving any operation. This architecture balances strong isolation, transparent determinism, and extensibility, allowing secure custody of many assets while permitting audited third-party tools to interact with the device without ever gaining access to private keys.