|
Title: Can someone verify the trustworthiness of this Android App? Post by: Tacticat on January 04, 2013, 11:07:06 PM It is not a wallet per se, but it's super useful to create brainwallets on the go.
Is there any way to prove that the app does not connect to the internet and send the keys? "Bitcoin Address Tool" - On Android Market: https://play.google.com/store/apps/details?id=com.CIMS.BitcoinAddress Thanks! Title: Re: Can someone verify the trustworthiness of this Android App? Post by: 01BTC10 on January 04, 2013, 11:51:07 PM I've found this app to sniff traffic but my phone isn't rooted yet... https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en
Title: Re: Can someone verify the trustworthiness of this Android App? Post by: paraipan on January 04, 2013, 11:59:21 PM It is not a wallet per se, but it's super useful to create brainwallets on the go. Is there any way to prove that the app does not connect to the internet and send the keys? "Bitcoin Address Tool" - On Android Market: https://play.google.com/store/apps/details?id=com.CIMS.BitcoinAddress Thanks! The app is legit and I use it every time I have a chance, here is the original thread https://bitcointalk.org/index.php?topic=86128.0 Title: Re: Can someone verify the trustworthiness of this Android App? Post by: casascius on January 05, 2013, 12:23:14 AM Don't Android apps that talk to the network need permissions to do so?
This app isn't listed as needing permissions to access anything other than the camera. I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store. The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase. The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase. I wish there were a more robust way for users to know it's not leaking their passphrase. I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware. I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility. Title: Re: Can someone verify the trustworthiness of this Android App? Post by: K1773R on January 05, 2013, 01:48:45 AM Don't Android apps that talk to the network need permissions to do so? there are several ways to bypass this which arent fixed to date!This app isn't listed as needing permissions to access anything other than the camera. I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store. The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase. The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase. I wish there were a more robust way for users to know it's not leaking their passphrase. I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware. I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility. http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf there's another security issue where u can use the internal browser to create a tunnel outside (couldnt find the link, altough didnt search long) and therefore the app dosnt need any permissions. therefore u cant know if its secure unless u test it in a sandbox or got the sourcecode. |