Bitcoin Forum
December 10, 2016, 12:57:01 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 »
  Print  
Author Topic: Bitcoin Wallet for Android  (Read 115078 times)
Andreas Schildbach
Moderator
Hero Member
*
Offline Offline

Activity: 563



View Profile WWW
August 17, 2013, 12:27:35 PM
 #401

Please remove or re-label the "Disconnect" option, it is now clear that the function it implies is disingenuous

For now, you can uncheck "Connectivity Indicator" in the prefs. It will remove the Disconnect option at the same time.

Bitcoin Wallet for Android: Your own Bitcoins, in your own pocket!
https://play.google.com/store/apps/details?id=de.schildbach.wallet
1481374621
Hero Member
*
Offline Offline

Posts: 1481374621

View Profile Personal Message (Offline)

Ignore
1481374621
Reply with quote  #2

1481374621
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481374621
Hero Member
*
Offline Offline

Posts: 1481374621

View Profile Personal Message (Offline)

Ignore
1481374621
Reply with quote  #2

1481374621
Report to moderator
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
August 17, 2013, 01:50:25 PM
 #402

What? Why can't the change address simply be the paper wallet itself? Plus isn't this how Android Bitcoin Wallet works already, sending from it's main address, and sending all change right back to the same main address?

The app doesn't know you imported a key from a paper wallet. Most wallets will not replace keys but add to them. Hence the problem.

Once again, you can disable background connectivity if you are running ICS+ using a feature in the OS. By the way, Andreas doesn't work for Google and never did, so that's a pretty stupid comment.
Rassah
Legendary
*
Offline Offline

Activity: 1624


Director of Bitcoin100


View Profile
August 17, 2013, 03:11:54 PM
 #403

What? Why can't the change address simply be the paper wallet itself? Plus isn't this how Android Bitcoin Wallet works already, sending from it's main address, and sending all change right back to the same main address?

The app doesn't know you imported a key from a paper wallet. Most wallets will not replace keys but add to them. Hence the problem.

So, then, what are the risks with Mycelium that people should be worried about? Is there a change that, when you tell it to spend from a paper wallet, that it can create an address it doesn't own private keys to to send change to? I'm having trouble getting this, as I thought the sending and receiving change was typically straightforward...

P.S. sorry for pestering you, I just want to make sure I understand this right.

Carlton Banks
Legendary
*
Offline Offline

Activity: 1470



View Profile
August 17, 2013, 11:33:50 PM
 #404

By the way, Andreas doesn't work for Google and never did, so that's a pretty stupid comment.

It aids the comprehension of your insults (and the understanding of your character) if:

- they're addressed at the person you're quoting
- failing that, that they address the assertions of any comments that your name calling could possibly be attributed to
- failing that, that your stated solution to the pertaining comments is anything more than heaping inconvenience upon conceited and unnecessary cultural impositions. There is no good reason to follow these cultural dogmas

Your conduct sounds, well, pretty stupid in light of the above

Vires in numeris
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 19, 2013, 07:17:57 AM
 #405

What? Why can't the change address simply be the paper wallet itself? Plus isn't this how Android Bitcoin Wallet works already, sending from it's main address, and sending all change right back to the same main address?

The app doesn't know you imported a key from a paper wallet. Most wallets will not replace keys but add to them. Hence the problem.

So, then, what are the risks with Mycelium that people should be worried about? Is there a change that, when you tell it to spend from a paper wallet, that it can create an address it doesn't own private keys to to send change to? I'm having trouble getting this, as I thought the sending and receiving change was typically straightforward...

P.S. sorry for pestering you, I just want to make sure I understand this right.
When you use the Cold Storage spending feature in Mycelium it knows that you are spending from an external private key (e.g. paper). It creates an in-memory one-key wallet for this one spending. After that it is wiped from memory. If there is any change left it gets sent back to the one key where it came from (e.g. paper). Note that even though Mycelium only has the private key in memory very briefly your private key is only as safe as your device was at the time of spending. A very sophisticated app that has root privileges on you device might snag it from memory. For optimal security use a dedicated device. An old second hand device will do if you nuke it to factory defaults, install cyanogenmod, no SIM, and only install and use for this purpose.

Mycelium let's you hold your private keys private.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
August 19, 2013, 10:13:05 AM
 #406

Right, the difference is that Mycelium Wallet has explicit support for the paper wallet use case, so it knows how to manage keys appropriately. At the moment Bitcoin Wallet doesn't.

Probably the right way to support paper wallets in SPV clients is to have the app take you through the process of creating them, printing them out, etc. The app can then keep the public key on the device all the time so it's always synchronised. There's no "import" step and no need for rescanning. The app knows it's a paper wallet and can manage change appropriately. Android is now integrated with the "cloud print" thingy that Google is pushing so you could print a wallet directly from your tablet or phone. Or it can just create a PDF and let you print that however you want, both are easy. Or encode the key as words and you write them down by hand.

I think a part of doing this feature is also to separate out the "paper wallet as a backup" use case, from the "paper wallet as offline storage against malware protection" use case. The latter is less convincing to me than the former, because as Jan points out sufficiently well written malware can just wait until you want to access the money in your offline wallet. Support for Trezor is possible on phones and tablets - that's probably the better way to fight malware. Paper wallets then become a last-chance backup mechanism in case your online backups are destroyed or lost. You'd make a backup of your root key and can then import it if you lose your regular backups. Import doesn't have to be fast because losing your regular digital backups should be a rare occurrence.
Andreas Schildbach
Moderator
Hero Member
*
Offline Offline

Activity: 563



View Profile WWW
August 19, 2013, 01:08:40 PM
 #407

Sure, having a backup of the root key / seed of your deterministic wallet is a very understandable usecase. Though I'd personally rather write the numbers down manually - you only need to do it once.

Anyway, I think when people ask for paper wallets most of them want to give them away, use them as a form of offline payment.

Bitcoin Wallet for Android: Your own Bitcoins, in your own pocket!
https://play.google.com/store/apps/details?id=de.schildbach.wallet
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
August 19, 2013, 05:36:04 PM
 #408

Yeah, so use them as a bearer token effectively.

Raw private keys aren't a great way to do that. An actual wallet stored somewhere online is better. Then the qrcode can just contain a URL to the wallet. It could be encrypted and the password hidden under a scratch card if need be.
hgmichna
Hero Member
*****
Offline Offline

Activity: 600



View Profile
August 20, 2013, 02:09:03 PM
 #409

Android is now integrated with the "cloud print" thingy that Google is pushing so you could print a wallet directly from your tablet or phone.

Hoping, of course, that none of Google's cloud administrators is into collecting private keys to beef up his pension after resigning from that highly lucrative job. Smiley

Seriously, I would not even let my private key run through any Windows computer, much less through a cloud. If you cannot print without the key making larger rounds outside your well-protected wallet (a single-purpose Android device or similar), it is much safer to copy and write it down manually, as Andreas already recommended.
TierNolan
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 20, 2013, 04:26:48 PM
 #410

Hoping, of course, that none of Google's cloud administrators is into collecting private keys to beef up his pension after resigning from that highly lucrative job. Smiley

Armory has a "print-safe" system.  You write an additional (short) unlock key on the paper backup.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
Krellan
Member
**
Offline Offline

Activity: 105


View Profile
August 20, 2013, 10:15:22 PM
 #411

(Edit) It's worse now!  Unfortunately, there has been an insidious new thing added to this app.  It now automatically starts up in the background, on a timer!  Every few minutes, it pops up.  That's maddening, to say the least.  This happens no matter if your phone is on battery or on charger, so not only will it waste your network, it will waste your battery as well.  Beyond frustrated.  The developer, unfortunately, does not understand that this would be a problem to many people.  I have no choice but to empty my wallet and delete this app.

How are you observing this, by the way? Have you enabled the connection bars in the notification tray? I agree that would be annoying, which is why the indicator is now disabled by default. Try the same thing and you won't be able to see it start up.

The app doesn't "waste network or battery". Go and look at the actual usage in your data/battery usage screens. It's probably 1% or less. This issue exists in your head only.

Yes, I enabled the connection bars.  However, we're at a fundamental misunderstanding here.  Hiding the connection bars will only mask the problem, making it less visible.  The problem is that this app wakes up in the background and does its stuff, and the user has no way to disable this unwanted behavior.  Do you see this?  Do you realize this?

Before I deleted it, it had used 5% of my battery.  That's not just in my head!

1JUZr4TZ5zuB4WdEv4mrhZMaM7yttpJvLG Smiley
Krellan
Member
**
Offline Offline

Activity: 105


View Profile
August 20, 2013, 10:20:08 PM
 #412

Sigh. I should have known better considering this app comes from a Google culture.

People do have a right to be able to choose when they run the software on devices that belong to them, disabling choice after so much good work has been done to get this app where it is is a real shame.

I shall be voting with my feet in the future: roll on Ubuntu phone project, they're much more likely to respect the right to choose, as well as people's intelligence. [...]

Thank you!

Somebody agrees with me!

I'm not the only one who thinks that this app running in the background, burning up data plan and battery, is not the best idea!

It's a great app, don't get me wrong on that, I just wish it would have a way of not running until it was time for the user to actually want to use it.

A single checkbox, that would be strictly obeyed by the app, would make all the difference:

[ ] Run in background

Uncheck this, and it would never run except when in the foreground.  No hooking the reboot event, to run then.  No hooking the charger connection event, to run then.  No running on a periodic timer, either.  Simply do not run at all, unless the app is in the foreground.  That's really it.  That's all we want.

Your words are effective.  I can't seem to communicate to the developers, they are deflecting my requests, and patronizing me by merely adding a link to the "Data Usage" settings screen.

1JUZr4TZ5zuB4WdEv4mrhZMaM7yttpJvLG Smiley
Carlton Banks
Legendary
*
Offline Offline

Activity: 1470



View Profile
August 21, 2013, 12:27:31 AM
 #413

Sigh. I should have known better considering this app comes from a Google culture.

People do have a right to be able to choose when they run the software on devices that belong to them, disabling choice after so much good work has been done to get this app where it is is a real shame.

I shall be voting with my feet in the future: roll on Ubuntu phone project, they're much more likely to respect the right to choose, as well as people's intelligence. [...]

A single checkbox, that would be strictly obeyed by the app, would make all the difference:

[ ] Run in background

Uncheck this, and it would never run except when in the foreground.  No hooking the reboot event, to run then.  No hooking the charger connection event, to run then.  No running on a periodic timer, either.  Simply do not run at all, unless the app is in the foreground.  That's really it.  That's all we want.

Your words are effective.  I can't seem to communicate to the developers, they are deflecting my requests, and patronizing me by merely adding a link to the "Data Usage" settings screen.


It's a cultural thing with the Android apps, there's ostensibly a performance advantage to having all apps as background processes, and so developers are (seemingly) ushered into this mentality. But the same reason that makes that true (low latency persistent Flash memory) also makes it false, so it seems more like just hiding usability from the user: why not let the user choose? Would that really be so unconscionable? With so many apps that require network permissions, it just seems like it's increasing the attack surface for any potential hacker. Maybe they prefer to simplify the interface, but I don't believe that, they must realise that the older generation are less likely to take Android on, and the young can adapt to mostly anything, and that's what bothers me about their whole disfigurement of computing culture: it's like they're trying to indoctrinate people to expect a narrower range of choices, all for the sake of removing a single menu item. Can't wait til they disable use of apps without a signature from the Play store  Undecided

Vires in numeris
arklan
Legendary
*
Offline Offline

Activity: 1204


Just along for the ride...


View Profile
September 21, 2013, 08:09:19 PM
 #414

Anyone know how to disable that sound the app makes when sending payments?
hgmichna
Hero Member
*****
Offline Offline

Activity: 600



View Profile
September 21, 2013, 08:33:11 PM
 #415

… it's like they're trying to indoctrinate people to expect a narrower range of choices, all for the sake of removing a single menu item. …

Removing a menu item is very valuable, particularly if the menu item is superfluous. Android is for mobile phones, and mobile phones are for everybody, not just for technophiles.

Here are some utterly negative examples from the advanced Wi-Fi settings: "Keep Wi-Fi on during sleep", "Scanning always available", "Avoid poor connections", "Wi-Fi frequency band", and in a sarcastic sense my personal favorite: "Wi-Fi optimization" - "Minimise battery usage when Wi-Fi is on". Next they will probably introduce: "Minimise battery usage when Wi-Fi is off". None of these settings should be there, as the phone can make a much better decision for each of them than any normal phone user. They are outstanding examples of the designed-by-engineers-for-engineers category.

An app should never offer the user any choice that has no significant effect on the result for the ordinary end user.
Carlton Banks
Legendary
*
Offline Offline

Activity: 1470



View Profile
September 22, 2013, 12:40:15 AM
 #416

… it's like they're trying to indoctrinate people to expect a narrower range of choices, all for the sake of removing a single menu item. …

Removing a menu item is very valuable, particularly if the menu item is superfluous. Android is for mobile phones, and mobile phones are for everybody, not just for technophiles.

Here are some utterly negative examples from the advanced Wi-Fi settings: "Keep Wi-Fi on during sleep", "Scanning always available", "Avoid poor connections", "Wi-Fi frequency band", and in a sarcastic sense my personal favorite: "Wi-Fi optimization" - "Minimise battery usage when Wi-Fi is on". Next they will probably introduce: "Minimise battery usage when Wi-Fi is off". None of these settings should be there, as the phone can make a much better decision for each of them than any normal phone user. They are outstanding examples of the designed-by-engineers-for-engineers category.

An app should never offer the user any choice that has no significant effect on the result for the ordinary end user.

That's not a very meaningful response to my point.

If there were an over-abundance of menu choices that action useless functions, then sure. But that was not the point I was making at all

Vires in numeris
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
September 22, 2013, 10:13:02 AM
 #417

At the moment the wallet app could tolerate a few more options, but the point hgmichna makes is a well known one in the software design industry. It always seems easier to just throw in another setting than make something work automatically for everyone, transparently. It's like boiling a frog. One day you wake up and realise your app is a bloated disaster zone of random switches and buttons that make no sense to anyone new.

It's so easy for this to happen that even Android - which hires entire teams of designers, does usability studies etc - in the dark corners it still suffers from this problem. The brilliant WiFi settings are a good example - what the fuck does "minimise battery when wifi is on" do and why would someone ever NOT want to have it enabled? This switch must do something, but what? Why does this setting even exist? Most likely it's the result of some kind of internal disagreement inside the Android wifi team ... they couldn't decide on whether a particular optimisation was worth the cost, so instead of making a clean decision they pushed it onto the user.

Making these tradeoffs is always difficult. Modern operating systems try to subtly push developers in the right direction by calling them "preferences" rather than "settings". A preference is something that is genuinely a matter of taste and will always differ between users, like a wallpaper or what sounds to play. A setting is something that controls how the software achieves its desired results and which has a correct value in almost all cases.

The hardest time to make the right call is when a feature that should work automatically for everyone isn't fully baked, and there are genuinely sound reasons why a power user might want to tweak the inner workings. Perhaps background sync is currently like that, although it feels like it's nearly there. Done properly it should never be noticed and have no impact, so why would you ever tweak it?

That's why Andreas is saying things like, if you see a lot of battery or data usage impact, let's fix that. Let's not just make background sync a toggle. Because otherwise we'll never make the feature work 100% and the setting will be stuck there forever, with the majority of users getting a worse default experience.

Carlton Banks
Legendary
*
Offline Offline

Activity: 1470



View Profile
September 22, 2013, 01:09:02 PM
 #418

It's a strangely mellifluous argument being presented.

I say "why can't I control what the software does?"

And people reply (at somewhere above 500% verbosity) "but that's not what you want"

This sort of concept of user control would be totally unacceptable for software development suites, or image manipulation software, or CAD software (trying to convince people they don't need to be able to control what their software does)

Why can't I control what the software does?

Vires in numeris
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
September 22, 2013, 02:22:57 PM
 #419

The Android wallet app isn't a CAD suite or IDE. Those are power tools for professionals where you are expected to take a long time to learn how they work. We really don't want Bitcoin to come across as a pro-tool for specialists.
Andreas Schildbach
Moderator
Hero Member
*
Offline Offline

Activity: 563



View Profile WWW
September 22, 2013, 03:57:10 PM
 #420

Thanks, Mike.

Yes, Bitcoin Wallet is aimed mainly at non-technical people. Concepts like "synching" does not make any sense to them, so I want to remove them from the UI entirely.

If you are a power user and want full control, I suggest building your own version. It's open source.

Bitcoin Wallet for Android: Your own Bitcoins, in your own pocket!
https://play.google.com/store/apps/details?id=de.schildbach.wallet
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!