Bitcoin Forum
October 19, 2018, 10:14:46 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Can someone verify the trustworthiness of this Android App?  (Read 1321 times)
Tacticat
Full Member
***
Offline Offline

Activity: 210
Merit: 100



View Profile
January 04, 2013, 11:07:06 PM
 #1

It is not a wallet per se, but it's super useful to create brainwallets on the go.

Is there any way to prove that the app does not connect to the internet and send the keys?

"Bitcoin Address Tool" - On Android Market:

https://play.google.com/store/apps/details?id=com.CIMS.BitcoinAddress

Thanks!

Tips and donations:

15nqQGfkgoxrBnsshD6vCuMWuz71MK51Ug
1539944086
Hero Member
*
Offline Offline

Posts: 1539944086

View Profile Personal Message (Offline)

Ignore
1539944086
Reply with quote  #2

1539944086
Report to moderator
1539944086
Hero Member
*
Offline Offline

Posts: 1539944086

View Profile Personal Message (Offline)

Ignore
1539944086
Reply with quote  #2

1539944086
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539944086
Hero Member
*
Offline Offline

Posts: 1539944086

View Profile Personal Message (Offline)

Ignore
1539944086
Reply with quote  #2

1539944086
Report to moderator
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 500



View Profile
January 04, 2013, 11:51:07 PM
 #2

I've found this app to sniff traffic but my phone isn't rooted yet... https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en
paraipan
Legendary
*
Offline Offline

Activity: 924
Merit: 1003


Firstbits: 1pirata


View Profile WWW
January 04, 2013, 11:59:21 PM
 #3

It is not a wallet per se, but it's super useful to create brainwallets on the go.

Is there any way to prove that the app does not connect to the internet and send the keys?

"Bitcoin Address Tool" - On Android Market:

https://play.google.com/store/apps/details?id=com.CIMS.BitcoinAddress

Thanks!

The app is legit and I use it every time I have a chance, here is the original thread https://bitcointalk.org/index.php?topic=86128.0

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1040


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 05, 2013, 12:23:14 AM
 #4

Don't Android apps that talk to the network need permissions to do so?

This app isn't listed as needing permissions to access anything other than the camera.

I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store.  The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase.  The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase.

I wish there were a more robust way for users to know it's not leaking their passphrase.  I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware.

I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
K1773R
Legendary
*
Offline Offline

Activity: 1792
Merit: 1008


/dev/null


View Profile
January 05, 2013, 01:48:45 AM
 #5

Don't Android apps that talk to the network need permissions to do so?

This app isn't listed as needing permissions to access anything other than the camera.

I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store.  The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase.  The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase.

I wish there were a more robust way for users to know it's not leaking their passphrase.  I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware.

I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility.
there are several ways to bypass this which arent fixed to date!
http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf
there's another security issue where u can use the internal browser to create a tunnel outside (couldnt find the link, altough didnt search long) and therefore the app dosnt need any permissions.
therefore u cant know if its secure unless u test it in a sandbox or got the sourcecode.

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!