Hi. Creator of WalletScrutiny here. Just found this thread and thought to comment on some doubts:
Not reproducible from source provided means that every time you compile the app's source code you get a different binary file.
No, not exactly. That would be "builds are not deterministic". WalletScrutiny is about the reproducibility of the binary provided by Google Play in this case. In many cases the build is perfectly deterministic but yields something other than what's on Google Play, and in many cases the build fails completely. Both those cases are "not reproducible", too. The distinction is not really worth its own categories, as only reproducibility of the binary in question gives an assurance of the binary being compiled from the source provided.
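The three outcomes described above (build fails, build succeeds but the binary differs, binary matches) can be made concrete with a small comparison step. The following is an added example, not code from this thread and not WalletScrutiny's own tooling. It treats an APK as the zip it is and compares the store copy with a local rebuild entry by entry, skipping the v1 signature entries under META-INF/ (MANIFEST.MF, *.SF, *.RSA, *.DSA, *.EC) that only the developer's signing key can produce; v2/v3 signing blocks sit outside the zip entries, so an entry-level comparison ignores them automatically. The sample "APKs" are in-memory zips constructed inline; obtaining the store binary and running the actual rebuild with the project's pinned toolchain is assumed to have happened already.

```python
import hashlib
import io
import zipfile

# Entries that hold the developer's APK v1 signature and therefore cannot match
# an unsigned rebuild. Assumption for this example: the usual META-INF layout.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name):
    """True for the zip entries that carry the v1 (JAR-style) signature."""
    if not name.startswith("META-INF/"):
        return False
    return name == "META-INF/MANIFEST.MF" or name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes):
    """Map every non-signature entry to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def whole_file_match(store_apk, rebuilt_apk):
    """Naive check: hash the whole file. Fails for every signed store APK."""
    return hashlib.sha256(store_apk).digest() == hashlib.sha256(rebuilt_apk).digest()


def compare_builds(store_apk, rebuilt_apk):
    """Report which entries differ; an all-empty report means the rebuild matches."""
    store, rebuilt = entry_digests(store_apk), entry_digests(rebuilt_apk)
    shared = store.keys() & rebuilt.keys()
    return {
        "differing": sorted(n for n in shared if store[n] != rebuilt[n]),
        "only_in_store": sorted(store.keys() - rebuilt.keys()),
        "only_in_rebuild": sorted(rebuilt.keys() - store.keys()),
    }


def verdict(build_succeeded, store_apk=None, rebuilt_apk=None):
    """Collapse the outcomes discussed in the thread into one label."""
    if not build_succeeded:
        return "not reproducible (build failed)"
    report = compare_builds(store_apk, rebuilt_apk)
    if any(report.values()):
        return "not reproducible (binary differs)"
    return "reproducible"


def make_apk(files, signed):
    """Constructed test data: an in-memory zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
        if signed:
            # Placeholder signature entries; real ones hold entry digests and a certificate.
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"placeholder-pkcs7-blob")
    return buf.getvalue()


if __name__ == "__main__":
    app = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-code-v1"}
    store = make_apk(app, signed=True)
    good_rebuild = make_apk(app, signed=False)
    bad_rebuild = make_apk(dict(app, **{"classes.dex": b"dex-code-v1-plus-extra"}), signed=False)
    print("whole-file hash equal:", whole_file_match(store, good_rebuild))
    print(verdict(True, store, good_rebuild))
    print(verdict(True, store, bad_rebuild), compare_builds(store, bad_rebuild))
    print(verdict(False))
```

The point of `whole_file_match` is to show why a single hash over the downloaded file is the wrong test: the store copy is signed, the rebuild is not, so the whole-file digests never agree even for a perfectly reproducible app. The per-entry report is also what makes a failure actionable, since it names the entries (typically `classes.dex` or native libraries) that the toolchain produced differently.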
Electrum app is not reproducible from source, indeed. This information was already mentioned on their github repo:
✗ This script does not produce reproducible output (yet!). Please help us remedy this.
... which doesn't change the problem of not even the team being able to check on their release manager. Do you think the release manager would refuse to release an evil update with a gun to his head? Or he might catch a backdoor? Or he might "catch a backdoor"? How much money is under that wallet's control?
I wouldn't trust that page if I were you since they can't differentiate fake electrum and the original.
Update: I have read the whole article and it looks like the version written on the page was updated somehow but other links like readme.md weren't.
The date and version are still misleading.
Feel free to make a pull request to our public git repository. Working mostly alone on this, covering more than 200 apps, keeping it up to date with every new release of a reproducible wallet is kind of a challenge.
I doubt the reviews on that site. Cryptowisser.com has its informative review page for wallets. Go ahead and check their reviews at:
82 wallets, many of which don't even support Bitcoin, and none of the reviews goes far in explaining how the result came to be. WalletScrutiny is about reproducibility and the provider's potential to pull an exit scam or actually lose all the funds of all the users at once.
There is a lot of information available in this forum about good Bitcoin wallets. Why do you need to go to other websites?
I have been using Mycelium wallet for a long time now as my priority was to have a mobile based wallet and I have not faced any issue with it to date.
I'm incidentally also the release manager of Mycelium, so thank you for your trust. WalletScrutiny is my side project.
Please consider the incentives for long cons! Just because the wallet of your choice had no issues so far doesn't mean it will not lose yours and all the other users' funds in an instant at some point.
...
for storage and security purposes you want to use desktop versions not a mobile wallet.
Sadly, the very non-free systems Android and iPhone are actually quite secure by not giving the user root access and by sand-boxing apps. Android and iPhone were designed from the start to run hundreds of adversarial apps on the same system. A random Windows user should not use his desktop for Bitcoin but rather a modern mobile phone or, better, a hardware wallet.
Android specific wallets
Interesting list at first glance, but on a second thought, ... hmmm.
I mean that I would not keep more than $100 worth of funds on any Android wallet, no matter how legit it is and how reproducible the build is; Android security is ... weak.
Weak compared to what exactly? Android has an excellent track record of keeping apps in their respective sandboxes. As the release manager of an Android Bitcoin wallet I am biased but also quite knowledgeable about the security aspects I would think. If you don't root your phone or at least don't grant root access to the wrong apps, your coins are certainly safer in an Android wallet than on your average Windows machine.
OK, a legit and maybe reproducible Android wallet is necessary, but not enough (imho).
I agree. To quote from our methodology page:
The classification “reproducible” unfortunately means very little. It means that at the random point in time that we decided to verify the code to match the app, the code actually did match the app. It does not mean that the next update will or that the prior one did and it does not mean that the reproducible code is not doing evil things.
In fact, we believe the most likely scenario for an exit scam is that the wallet would bait-and-switch. It would see to how many users it could grow the app or even buy out a successful wallet in financial trouble to then introduce a code to leak the backups.
The evil code would not be present until the app is losing users (or funds under management) for whatever other reason.
Any stamp of approval, any past security audit or build verification would be obsolete. Therefore we don’t see our mission as fulfilled when all wallets are reproducible. There is...
If one uses Android a lot for Bitcoin transfers, I'd say that a proper hardware wallet is a must. I think that this is actually one important use case for hardware wallets (and not holding, as many use them for).
HW wallets are a bit of a pain on the go but feasible. I'd still consider HW wallets primarily for hodling.