|
raskul
|
 |
March 14, 2014, 11:56:29 AM |
|
test BTC confirmed.   |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
 Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 12:06:03 PM |
|
|
|
|
|
|
|
raskul
|
|
March 14, 2014, 12:19:26 PM |
|
we may have some teething problems;
my brother in law has installed fruitwallet, and has sent me a request to send him some coins.
BUT - the address he sent me, via the fruitwallet app;
Please send bitcoins to
mrs61q1DPwScASkKzd2LCdHZyS17V9evRg
clearly, this is wrong... can you investigate the issue and let me know please?
|
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 12:20:53 PM |
|
yep, pls wait few minutes. Updated. for some reason account was created at beta.fruitwallet.com  Will resolve asap. |
|
|
|
|
|
raskul
|
|
March 14, 2014, 12:22:26 PM |
|
yep, pls wait few minutes.
OK, let me know and I can relay the message to him. |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 12:31:00 PM |
|
2 e-mails were suddenly redirected to BETA.fruitwallet.com which is using not real bitcoins.
These are:
jos****@******
ro*******@******
If your brother is one of them, pls ask him to register at fruitwallet.com
We shut beta.fruitwallet.com down for now.
Issue resolved.
Thanks for help.
|
|
|
|
|
|
raskul
|
|
March 14, 2014, 12:33:51 PM |
|
yes, one of those is my bro in law
i've let him know, and also directed him to this thread.
can you remove the names above in the post now please^^
thanks.
|
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 12:43:41 PM |
|
done! sorry for inconvenience.  |
|
|
|
|
|
raskul
|
|
March 14, 2014, 12:44:21 PM |
|
done! sorry for inconvenience. not a problem. just waiting on him re-installing so I can send him some coins. |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
olsn
Newbie
Offline
Activity: 55
Merit: 0
|
|
March 14, 2014, 01:13:29 PM |
|
Hi - I have not tested the app on my iOS device yet (only on my computer with a spoofed user agent)
I have three questions though:
1) Why is my password being sent in plain? - I know you do have an SSL-connection setup, but how do we know that your service won't fish for passwords? - Worst case scenario here is that passwords are saved in plain in the db or with a symetric key.
-> It'd be more secure if noone knew my password but just a salted hash.
2) What is the specific reason for the OTA Profile Enrollment? Why do you need the UUID ect.?
3) What is proprietary about iOS devices/mobile safari that couldn't be done with other mobile browsers? (Or in short: Why is it iOS only and not Android as well?)
Besides that grats to the app so far.
|
|
|
|
|
|
raskul
|
|
March 14, 2014, 01:17:33 PM |
|
OK, another issue I found.. the scan-qr function doesn't work, it simply asks my iphone to take a photo, you need to build a qr-scanner into it. This is essential.
|
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
|
raskul
|
|
March 14, 2014, 01:20:21 PM |
|
and every time i try to send coins from it, it asks to install the profile. this needs fixed also.
|
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
devthedev
Legendary
Offline
Activity: 1050
Merit: 1004
|
|
March 14, 2014, 01:22:49 PM |
|
Will this ever be ported to Android? There's not too many decent wallets.
|
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 01:51:37 PM
Last edit: March 14, 2014, 02:03:12 PM by fruitwallet |
|
Answering all the questions.
1. Plain text. Have to clarify, Will update you asap.
Updated: WE use most secure approach for this module. If somebody will ever get your password (which we really doubt), he wont pass the next step of profile installation anyway. But we have even one more layer - it is your 4 digit protection code.
2. Profile is needed to tie your wallet to device. It ties when you do it first time. When sending bitcoins - it asks for profile to CHECK if it is REALLY your phone. This way we protect your send transactions.
3. This Profile feature is supported with Safari. Only safari as we discovered so far.
We didn't find 100% secure way for Android yet. We can do it theoretically, but we want to be 100% sure, your BTC are safe.
Scan QR works for us. Steps - 1. take photo, 2. click use. Result: it shows you the address, photo is not saved to gallery. Please explain.
Anymore questions guys?
Raskul,
"and every time i try to send coins from it, it asks to install the profile. this needs fixed also." Did I answer your question? It is just for your security.
|
|
|
|
|
|
raskul
|
|
March 14, 2014, 01:59:40 PM |
|
Scan QR works for us. Steps - 1. take photo, 2. click use. Result: it shows you the address, photo is not saved to gallery. Please explain.
Nope, I tried this but it is not importing the address for me. Raskul,
"and every time i try to send coins from it, it asks to install the profile. this needs fixed also." Did I answer your question? It is just for your security.
yes thanks. just the qr scanning query which needs addressing now. take photo - yes, bitcoin address import - no. |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 02:05:40 PM |
|
raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.
|
|
|
|
|
|
raskul
|
|
March 14, 2014, 02:07:43 PM |
|
raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.
yup, for sure... i've tried it many times, take photo - use photo - at different distances from the qr code I want to send to and it just doesn't import the bitcoin address...  |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
|
raskul
|
|
March 14, 2014, 02:12:47 PM |
|
raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.
yup, for sure... i've tried it many times, take photo - use photo - at different distances from the qr code I want to send to and it just doesn't import the bitcoin address... OK now it has worked. not sure why it wasn't working before, but it's working now. thanks |
tips 1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
|
|
|
fruitwallet (OP)
Member
Offline
Activity: 102
Merit: 10
|
|
March 14, 2014, 02:24:39 PM |
|
wow. best news 
|
|
|
|
|
olsn
Newbie
Offline
Activity: 55
Merit: 0
|
|
March 14, 2014, 02:51:29 PM |
|
1. Plain text. Have to clarify, Will update you asap.
Updated: WE use most secure approach for this module. If somebody will ever get your password (which we really doubt), he wont pass the next step of profile installation anyway. But we have even one more layer - it is your 4 digit protection code. My concern was not someone logging into this app but saving innocent users. As you probably know MANY users have the same password for a lot of services. Now I don't want to say that this is good, but fact is that there are users out there who do it (many of them) - If you hash the password on the client with a salt before sending it anywhere you can make sure that just in case someone gets the hash they won't be able to do anything with it. Plus you cannot be accused of phishing passwords. Plus you are building more trust... Device-Specific Profile: What happens if I loose my device, it breaks or gets stolen? How will I be able to access the wallet? And a question on the pricing: Will this service every cost anything? If so - what price-tag/subscription-model are you aiming for? |
|
|
|
|
|
