Presentation and new light web client Ğ1nkgo

Those are real motivations (meaning problems to solve) that I also encountered on markets (using another blockchain). I think those concerns need to be taken into account and discussed.
I see only big advantages to a web app vs. extension vs. mobile app for creating a friendly, usable wallet and as such, I'm inclined to go this way in priority.
If we can afford it, it would be great to have these three possibilities developed and let users choose which is the best for them (see the Solflare wallet as an example).
In my spare time, I would really love to collaborate on this project as I want to learn more about Flutter, even if I think a web app should have been done in a more recent web language (Next.js or Vue.js for example). I mean, if it's okay with you @vjrj?

I strongly disagree with this one.
To reply to @tuxmain's concerns, which are great ones, I would suggest the following:

Web app security

IMPLEMENTATION
Let's say you have your web app (Ğ1nkgo) that you develop, so many changes are happening which are transparent to the user as she doesn't need to update anything (as you mentioned).
All the wallet interactions (mainly storing private keys and signing transactions) are handled by a separate module (preferably web workers). This module is very rarely changed, as once the functions are implemented, only a blockchain protocol change would trigger a need to change the wallet module.
As a security measure, the wallet module has a specific hash, so when it is changed, the hash also changes. This hash is stored on the blockchain on a multi-sig account (best way) or any other decentralised storage with multi-sig access (multi-sig means that more than one dev's validation is needed to modify the key).

USAGE
When the web app needs to do an operation, it will first request the hash, then check the wallet module against the hash. If it matches, perfect, it means that the wallet module is correct and the user can perform wallet operations and transactions. Otherwise, the wallet module has been hacked or the key has not yet been updated.

What prevents the web app from being hacked and bypassing the wallet module? We can sign things, but browsers cannot natively check code for now. This cannot be solved using only layers and indirections; it is still needed to reliably install at least one thing (e.g. a generic DHT proxy with hash checking, a package manager or a specific extension).

I think such a wallet may be ok for small amounts (and even then, 1000 small accounts make a large account, so it should be decentralized) but it should warn the users about the risks, maybe even refuse to handle too much money, and refuse to handle member accounts (except for test blockchains, where we don't need that much security).

I've just released a first apk version here:

Note: I have the same wallet from the web exported to the Android version, and it works as expected in my first tests.

@flodef, you are more than welcome. I'm quite a newbie in all this ecosystem. Flutter is from 2017… is this now old!? :slight_smile:

Regarding the discussion on security, I was thinking this weekend about the “backwards law” mentioned by Alan Watts, which states that often you achieve the opposite of what you want. For example, you want to impress a girl but with your attitude, you may end up achieving the opposite effect; or if you want to feel secure in your house, and you install visible alarms and bars on the windows, you may end up drawing more attention and attract potential thieves.

In our case we want to be very secure with our passwords/passphrases but in the end there are users that are sometimes quite exposed (if people cannot remember their passwords and carry them on a piece of paper that anyone can memorize or photograph), as they are doing this in an open market and frequently. Even me, using a password manager with other passwords in public any time I want to use my Cesium.

BTW, what a good talk!

I installed the .apk, but I can't import the wallet I exported from the website. I can't navigate to find the correct folder.

Will it ever be possible to pay in DUğ1 rather than ğ1? The DUğ1 will be a time invariant; it would be nice to be able to use it to pay.

You can create a backup to see where the wallet.json is placed. In my case Android/data/org.comunes.ginkgo/files
This is the application folder so you don't need permissions to access it. Brave saves a wallet export in a similar place.

I tested the APK, it's very handy on the phone :star_struck:
We get a better sense of the app's use than in the browser.
GVA allows being notified very quickly about a new transfer, that's a game changer, thanks for bringing it to life!

Feature requests:

  • add information on the “send” button when it is grayed out to explain why
  • add a scan button in the contact panel to be able to add a new contact from there
  • scan does not work without Google Play services


PS: I added Ğ1nkgo to the software page on duniter website: Duniter | Software

I exported my wallet from the app, and I can find it again when I try to do an import.
I tilted my phone to see the full file name.

When I search for this file or folder with my file manager, I only find the wallets I had exported from the website.
I can't find the folder used by the application.

Very great work! I just added your work to https://infojune.fr

I'll add it to the issues, thanks for the feedback.

Merci!

See the directory below “Select the wallet backup”.

Does your file manager have access to other directories?

Merci! Could you rather add https://g1nkgo.comunes.org/ (the other is more of a demo/test site)?

BTW, I've just published a new version with fixes, and the apk includes notifications (let's see if it works as expected).

https://git.duniter.org/vjrj/ginkgo/uploads/5e9eb1cf77dc480539b73b2ec97b53ad/ginkgo-0.0.16.apk

My file manager allows me to browse all directories. I have even activated the display of hidden files.
But I can't find the directory used by the application.
I am a basic user, my skills are very low. But I think this application is meant for users like me.

I'll try to fix it with more energy, because I spent a lot of time trying to use the downloads directory without success due to permission issues (this changed a lot between Android versions, and the documentation and libraries seem to me not very up to date). The app's application folder does not have so many restrictions.

Can you try the new version I’ve just published?

More info in:

These and other issues in:

The problem is that I can't find the application folder; I don't know how to find it to put the .json I had exported from the website there.

On the other hand, using the contacts with the QR code scan and sliding to make payments is really super practical, I love it.

It should be here:

but I have to find another, easier option, please follow:

I found it, thanks.
Not obvious for the average user.
If I could save it directly to the SD card it would be a real plus.

  • :white_check_mark: If qr works without google services
  • :white_check_mark: New qr scan in contacts
  • :grey_question: I also improved the send button; it should work better now

Works perfectly! For the send button, I did not see the difference. It could display “insufficient balance” on long tap when greyed out for example.

You are right, it was working better when I tested. Let me improve it…

Merci for the feedback!

Last build of the week, sorry for the spam.

Insufficient balance and other improvements: ginkgo-0.0.18.apk

More info: 0.0.18 · vjrj / ginkgo · GitLab

With Ğ1nkgo I had the wallet DqMzACN4rHxJXduBZXHTWrMaudLDxvFz761QDdji8LnZ
I sent 10 Ğ1 to it.

But payments are disabled online…

Then I exported ginkgo-wallet-DqMzACN4.json (546 bytes)

But when I tried to import it in 0.0.17
I got a “wrong pattern error”.
Any idea?

Great question!!

TLDR: It’s far too much work for not enough money

So, if I wanted to hack the web app, I would first get ready with my web app patch. The patch would skip the hash check and return it as valid. I would then have to recreate a complete wallet module on another website and link my web app patch to it. The wallet module should redirect every payment to a new wallet that is created on the fly (of course, I have all the private keys).
After being ready, I would have to take ownership at the same time of the website where the app is located and of the other website where the wallet module is located. Which is insanely hard: you need many, many powerful computers to achieve that!!

Once done, I would have to wait for people to pay using the app, redirecting every payment directly to my wallets. Because draining wallets when they connect would be too obvious.
The time it takes for a payment recipient to realize that he hasn't received the payment, to report it on the forum and for the dev team to retrieve ownership of the website (or at least shut it down) would be enough to grab some money.

I would then try to send all my wallets' money into a mixer and then to other different wallets to hide my tracks, hoping that my wallets are not flagged as frozen by the dev team.
However, because the June is not convertible, I would not be able to convert it back to Euro, or any other fiat / crypto currencies. I would have to spend it on the network. And if flagged, that would be impossible.

Anyway, as said before, this is too much hard work and risky; I would definitely use phishing / scams to make more money faster.
Also, note that if I can pwn the website, I can also pwn the .apk / extension and insert malicious code to do the same trick. Even faster, as only one app patch is needed.
Note that average users have the “auto update apps” option set by default, and when connected to the Play Store, the .apk updates as soon as it is connected to the internet. The same happens with extensions.

As said before, if that trick were easy to do, Solflare would have been hacked already. And Solana or other SPL tokens are convertible to fiat / crypto currencies, so it's easier to take the money and fly away.

Awesome remark!!

TLDR: Always have a “hot wallet” for everyday life and a “cold wallet” for storage

What would be achievable by pwning the website (see “How-To” above) would be to intercept transactions happening on the website to stay hidden as long as possible.
But you are absolutely right, “don't put all your eggs in the same basket”: if you fear for your account being in the web browser, you should definitely have a simple and practical “hot wallet” like the web app, where there is enough June to pay for things in everyday life, and a “cold wallet” used only to store your money, like a digital vault (or a Ledger).
Like when you go out to a flea market with cash, you don't take all of your money (especially if you have a lot).
Maybe it's also great advice in everyday life with traditional banking as well :wink:

Let's keep in mind that everything is hackable. But it's not because it's hackable that it will be hacked.
I totally agree with @vjrj's analogy: if you keep your house behind alarms, armored doors and windows and you have to close it using 12 different keys every time you leave / enter your fortress, it will just be a great waste of time and energy. Especially if inside your house, you just live like a stoic!

A global advice on security (for example on the forum) would be nice. But letting people decide what is best for them is key.

In my project, I personally use steganography, which is storing the encrypted key in a simple sentence (a two-word sentence). Hence, this “sentence” could easily be sent / shared over the network using chat / mail / notes without the risk of losing it.

Congrats on the hard work!! You are a coding beast :astonished: