Is your Android Wallet secure? Most of the 37 wallets should scare you!

[giszmo]

We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome

[1715037687]

1715037687

[1715037687]

1715037687

[1715037687]

1715037687

[1715037687]

1715037687

[1715037687]

1715037687

[1715037687]

1715037687

[crwth]

The title of this topic is clickbait. And I fell for it.

Anyway, having been able to check your website, I like the idea and the method you how you did it in the methodology page [1] explains what you do and how you do it.

For an average user like myself, I tend to rely on other people's experience and their reviews on how the wallet is and if it's reputable to trust with your funds. Your website tends to answer some of those questions, and having only three verifiable wallets' suggestion on your end doesn't seem to explain a lot for me. In the end, I still chose to have a hardware wallet that I know I would be in control of.

[Darker45]

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Count me in that category. Being verifiable does offer me much security in a sense that I cannot make the verification myself. I am not familiar with codes and I cannot for sure tell whether there are some bad codes inserted into it. But it definitely makes me feel easy knowing that verifiable means there are a lot of competent people out there, like you, who will do the work for the people like me.

By the way, a wallet that I am using right now falls under the no source category. I am using coins.ph as my local wallet. That is apparently worse than not verifiable. I am also using Electrum and it is still not the most secure apparently because it is not verifiable.

I also have eidoo and exodus wallets. I cannot find both of them on the list, though.

This is a great guide. Thanks for this.

[Twinkledoe]

Where is the bitcoin core fall into? Should be under verifiable wallet, right? I am maintaining one closed source wallet from the given list but I only transfer bitcoin whenever I convert my crypto to my local currency but not really serving as storage wallet.

[giszmo]

The title of this topic is clickbait. And I fell for it.

Strike!

For an average user like myself, I tend to rely on other people's experience and their reviews on how the wallet is and if it's reputable to trust with your funds. Your website tends to answer some of those questions, and having only three verifiable wallets' suggestion on your end doesn't seem to explain a lot for me. In the end, I still chose to have a hardware wallet that I know I would be in control of.

I only started the project and most wallets don't care cause users don't care yet. I expect many of the non-verifiable ones will slip into the verifiable section if people care.

Once people care, wallets that remain non-verifiable turn more into red flags by my estimate. Also I intend to raise the bar once people move towards caring.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Count me in that category. Being verifiable does offer me much security in a sense that I cannot make the verification myself. I am not familiar with codes and I cannot for sure tell whether there are some bad codes inserted into it. But it definitely makes me feel easy knowing that verifiable means there are a lot of competent people out there, like you, who will do the work for the people like me.

Then verifiability is still for you. Only if a wallet is verifiable does the verification anybody does matter. You like 99.999% of all users take what's there on Google Play but if one researcher reviews the code and the code actually has to do with the app you are running (it is verifiable), you gain security from that guy doing his scrutiny.

By the way, a wallet that I am using right now falls under the no source category. I am using coins.ph as my local wallet. That is apparently worse than not verifiable. I am also using Electrum and it is still not the most secure apparently because it is not verifiable.

In the individual articles I only distinguish between "does not apply", "verifiable" and "not verifiable". No source being available is the easier version of not verifiable, as then I don't waste two hours trying to compile stuff but it's certainly alarming as that means the provider does not want public scrutiny as he could release the code under a license that doesn't allow competition instead.

I also have eidoo and exodus wallets. I cannot find both of them on the list, though.

This is a great guide. Thanks for this.

Are those Android wallets? If you want, share a link on our reddit.

Where is the bitcoin core fall into?

If you are talking about the Bitcoin Core I know, then that is not an Android wallet and in terms of verifiability it ranks in its own class well above all there is on Android, as it actually gets smore scrutiny than all other wallets combined.

[akirasendo17]

There is a way to secure you wallet
first make sure your android account are well secured
second remove software that are not needed sometimes we install software we dont know
third dont just install softwares that are supspecious
fourth for wallet always make sure that its legit and never use wallet that are just a week release instead use the proven one
and lastly this very inportant secure your wallet sometimes its not the phone is not the issue bit we forget to properly secure the wallet make layers of security that is the proper way
I hope I can be able to educate everyone thanks

[SFR10]

Any feedback welcome

I'm not going to pretend that I did understand every bit of the "coding part explanations" but I appreciate what you did there...

Suggestion:

• You might want to consider adding another column for rating them based on how secure they are ^{[regardless of it being subjective]}.

32. Posting multiple posts in a row (excluding bumps and reserved posts by the thread starter) is not allowed.

[giszmo]

I'm not going to pretend that I did understand every bit of the "coding part explanations" but I appreciate what you did there...

Thank you! I'm polishing it and hope to standardize it more, as it should get automated anyway, so what you see so far is the experimentation phase.

Suggestion:

• You might want to consider adding another column for rating them based on how secure they are ^{[regardless of it being subjective]}.

Being a wallet dev myself (lead dev Mycelium for Android) being subjective is not cool. I would love to but there is people hating me with a passion because I rated their wallet one star 3 years ago. If I say something about other wallets, it better be solid

32. Posting multiple posts in a row (excluding bumps and reserved posts by the thread starter) is not allowed.

Ah, now I remember how this forum works. OMG. Haven't posted in years. Should I group my posts now or is the harm already done and I will get banned from the forum anyway?

Edit: deleted two posts. Bumping was not my intention.

[AniviaBtc]

There is a way to secure you wallet
first make sure your android account are well secured
second remove software that are not needed sometimes we install software we dont know
third dont just install softwares that are supspecious
fourth for wallet always make sure that its legit and never use wallet that are just a week release instead use the proven one
and lastly this very inportant secure your wallet sometimes its not the phone is not the issue bit we forget to properly secure the wallet make layers of security that is the proper way
I hope I can be able to educate everyone thanks

Absolutely, don't install any softwares INCLUDING apps, files or anything that can come up to your phone. Also have a very secured account not only wallet or crypto account but also your social media accounts. Because they can seek information on your accounts that can make them access you accounts.

Much better if you will not leave your account logged in into another gadget because it's hard to trust people easily. And don't post or input some private information in your social media accounts. All of those infos can be a key to your wallet so be careful.

[NeuroticFish]

First of all, I still don't understand how can people just keep money on a phone which then then they keep unlocked in the back pocket.
Then, as shown by OP website, what you download is not exactly what you expect, even in the case of reputed publishers (like Electrum, Samourai, ..)
What I want to tell is that crypto wallets on Android should really use hardware wallets if we talk about a bit bigger funds.

Now about the website. The initiative is great, but the implementation needs a bit more care for the newbies. In the way it's shown now it's big, it's scary for the newbies and most would not know how to read between the lines the info they need. Maybe those big diff pages should be shown only "by request" by the ones who what to see more than the conclusions (and even those would have a "show more" and a "show all" option?)

[Casdinyard]

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

I'm waiting for Electrum to be verified though we knew the fact that it's trusted but this intrigued me anyway since Electrum is the most use wallet here.

~

Just don't use any extension. It bypass all information from what we search to everything we have on our desktop.

[SFR10]

Being a wallet dev myself (lead dev Android for Mycelium) being subjective is not cool. I would love to but there is people hating me with a passion because I rated their wallet one star 3 years ago. If I say something about other wallets, it better be solid

You have a point. Perhaps a community rating might be a better solution ^{[I do know that there's already a column for google play ratings but some of them tend to artificially inflate those ratings]}.

• Restrict a single IP to vote/rate only once for each ^{[I know it wouldn't completely eliminate users from abusing it but it's a step in the right direction]}.
• Implement a system to allow only veteran forum users to vote/rate by verifying/publishing their reviews/ratings based on their provided "signed messages" ^{[from the addresses that are present on their profiles here]}.

Ah, now I remember how this forum works. OMG. Haven't posted in years. Should I group my posts now or is the harm already done and I will get banned from the forum anyway?

Edit: deleted two posts. Bumping was not my intention.

You already did the right thing and it's quite clear that you're different from other so-called spammers

[virasog]

We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome

I have gone through the site to check the android wallets but found only 3 wallets to be verified. Can you tell me what does it mean by Non - Verifiable ?




 

[crwth]

I only started the project and most wallets don't care cause users don't care yet. I expect many of the non-verifiable ones will slip into the verifiable section if people care.

The thing is if the companies behind it were to hear from the actual voices of their users, maybe they would. I doubt it would happen any time soon because I think they don't want someone making their programs open source, especially with the public. Is this the only reason why you started this project?

Once people care, wallets that remain non-verifiable turn more into red flags by my estimate. Also I intend to raise the bar once people move towards caring.

I do think that it would help your project if you conducted a mini-survey before visiting your site to see if users "care."

[minersday]

We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome

OMG! this post really scared the shit out of me looking at the numerous number of wallets that are not verifiable. Not even a whole blockchain wallet. Thanks a lot for this info guys, i will keep an eye on your website for further developments. I noticed you did not review Trust wallet though it is one of the widely used cryptocurrency wallet. Also can you consider the review of these hardware wallets in the near future?

[joinfree]

It's so relieving to see my favourite wallet Mycelium in the verifiable section. I think this post will spur cryptocurrency wallets to be more secured in safeguarding the assets of their users. A big thumbs up to all the developers of this project. I would be glsd if you can cinsider looking at HubrisOne wallet, I think that wallet might scam users someday to come.

[giszmo]

First of all, I still don't understand how can people just keep money on a phone which then then they keep unlocked in the back pocket.
Then, as shown by OP website, what you download is not exactly what you expect, even in the case of reputed publishers (like Electrum, Samourai, ..)
What I want to tell is that crypto wallets on Android should really use hardware wallets if we talk about a bit bigger funds.

May I pick on the "reputed publishers" there? Do you know who they are? If the publisher hides in secrecy, that on its own is a huge red flag for me.

I totally agree on hardware wallets being the way to go but my list involves wallets with a combined download count of 20 million and a hardware wallet still costs over $100. You only invest $100 if your expected loss of not doing so is greater than $100. If you estimate your chance of the wallet losing funds at 5%, you won't use a hardware wallet for anything up to $2000. The exit scammer though may empty a million accounts at once, so here there is a lot of money to be made. Lets spot the black sheep and kick them out.

Now about the website. The initiative is great, but the implementation needs a bit more care for the newbies. In the way it's shown now it's big, it's scary for the newbies and most would not know how to read between the lines the info they need. Maybe those big diff pages should be shown only "by request" by the ones who what to see more than the conclusions (and even those would have a "show more" and a "show all" option?)

Thanks for the feedback! Scary landing page was certainly intended. Boring techy stuff was more the result of us wanting to justify our conclusions. To not show what we tried would look like we didn't try and we don't want to call out wallets on a whim. Maybe we can move the "analysis protocols" into separate documents for the more technically inclined audience?

Perhaps a community rating might be a better solution ^{[I do know that there's already a column for google play ratings but some of them tend to artificially inflate those ratings]}.

So far nobody has discovered the donate button but I was thinking of adding one per wallet and make it kind of a popularity contest that also pays for the project.

I have gone through the site to check the android wallets but found only 3 wallets to be verified. Can you tell me what does it mean by Non - Verifiable ?

Currently it's even worse: Only three are publicly verifiable which is not the same as actually being verified which would be an expensive and ongoing process.

As nobody cares, it probably doesn't mean much yet, as I refuse to believe that the other 34 are scammers but if people wake up to the idea that verifiability matters, we will see which wallets will actually come forward and make their apps verifiable and which don't.

I only started the project and most wallets don't care cause users don't care yet. I expect many of the non-verifiable ones will slip into the verifiable section if people care.

The thing is if the companies behind it were to hear from the actual voices of their users, maybe they would. I doubt it would happen any time soon because I think they don't want someone making their programs open source, especially with the public. Is this the only reason why you started this project?

I don't understand sentence 2 and 3. Many wallets are open source but not verifiable. Those I hope to win over. The closed source wallets I consider outright evil.

Once people care, wallets that remain non-verifiable turn more into red flags by my estimate. Also I intend to raise the bar once people move towards caring.

I do think that it would help your project if you conducted a mini-survey before visiting your site to see if users "care."

You mean like a pop-up on the landing page?
Do you care?
O Yes
O No
?

I noticed you did not review Trust wallet though it is one of the widely used cryptocurrency wallet.

You mean this wallet?

Also can you consider the review of these hardware wallets in the near future?

I am considering to mark Android wallets that support hardware wallets for a start but hardware wallets on their own are a very different kind of tool than Android apps.

It's so relieving to see my favourite wallet Mycelium in the verifiable section. I think this post will spur cryptocurrency wallets to be more secured in safeguarding the assets of their users. A big thumbs up to all the developers of this project. I would be glsd if you can cinsider looking at HubrisOne wallet, I think that wallet might scam users someday to come.

Honored by your trust but as stated on the detailed analysis of that wallet, contributors to walletscrutiny are also contributors to Mycelium. In fact I introduced verifiability to Mycelium a year or so ago and it's an integral part of our release protocol to have each build be verified by at least a second engineer. No malware on the release manager's machine should be able to sneak in backdoors.

[Darker45]

Are those Android wallets? If you want, share a link on our reddit.

Yes, they have android wallets. I'm using eidoo on my android phone and exodus on my iPhone but I know that it has a version for Android, too.

Being a wallet dev myself (lead dev Android for Mycelium) being subjective is not cool. I would love to but there is people hating me with a passion because I rated their wallet one star 3 years ago. If I say something about other wallets, it better be solid

But it is definitely cool conversing with the lead dev of Android for Mycelium.

A low rating, if totally objective, should always be welcome as it is a good start for improvement or any necessary adjustment. An objective rating, however low it may be, is always a constructive one. But if it is done out of pure subjectivity, it should be annoying.

[giszmo]

Are those Android wallets? If you want, share a link on our reddit.

Yes, they have android wallets. I'm using eidoo on my android phone and exodus on my iPhone but I know that it has a version for Android, too.

If you think we should add them, share the links to the Playstore listing, please.

[slaman29]

Good thing that you recognize this problem. Just because code is open source and verifiable doesn't mean anyone is actually going out of their way to do this.

One suggestion is to introduce a thread in the technical and wallet section for Bitcoin. There are actual wallet users there who are good with coding (I'm not one of them) who, if interested could try out your code. How many programmers do you have?

[AicecreaME]

The title of this topic is clickbait. And I fell for it.

I agree, I'm intrigued that is why I also clicked this topic. 

For an average user like myself, I tend to rely on other people's experience and their reviews on how the wallet is and if it's reputable to trust with your funds. Your website tends to answer some of those questions, and having only three verifiable wallets' suggestion on your end doesn't seem to explain a lot for me. In the end, I still chose to have a hardware wallet that I know I would be in control of.

I'm using any wallets in the playstore as long as it has a good feedback on it, mostly about the developer, because if the developer himself is not active at all, that wallet would be a suicidal wallet for your cryptocurrency. For the verifiable wallets, I only have one and I only trust those who have an actual company so I can contact their customer service on their working hours, like coins.ph.

I also have a trezor, and I find it more reassuring than other wallets you could find online.

[DaveF]

So I saw this post and clicked on it.
Hmm, can't build bitpay wallet, can't build copay cant find bitcoin.com
As a NOOB I built copay took about an hour.

Bitcoin.com is a copay clone, took about 3.2 seconds of searching to find it:
https://github.com/Bitcoin-com/Wallet

No idea if the above is the correct one but it is there.

At least one other one also exists that they could not find. Don't remember which one it was, have not had coffee yet.

<RANT>
Since the authors say that they contribute to mycelium perhaps they should spend more time fixing that app then slamming others.
https://bitcointalk.org/index.php?topic=5204973.0
https://bitcointalk.org/index.php?topic=5208593.0

Rassah has not logged on here in 6 months, the support link on their website is dead, so yeah, let's mark it as safe.

I use to use mycelium a lot, however with the issues that everyone seems to be having syncing, the lack of updates for ios, and various other issues, it's gone to shit so I stopped using it / recommending it. It's great that it's open source and secure, but if I can't connect to their servers and have to import my key into another wallet to spend then whats the point. And lets not forget the ads that come up that not everyone can turn off:
https://github.com/mycelium-com/wallet-android/issues/527
</RANT>

-Dave

[Lucius]

The fact is, more and more people are using mobile wallets and everyone wonders how safe they are. I can only say that so far I have only used the Electrum Android version and that I have no objection to anything related to that wallet. I find it safe until the opposite is proven, and for bigger amounts, I will never use it anyway.

I know that this project is solely focused on the security of mobile wallets, but the security of the operating system itself should not be neglected. For example, if you use a very old version of Android that no longer supports updates/patches, any mobile wallet in such a potentially dangerous environment is just an extra risk, no matter how safe it is. It should also be highlighted that most people do not perceive the security of their smartphones as something important, as if there were no viruses/malware for Android/iOS.

[Pinkris128]

In my own opinion, every android or mobile wallet is really not that secure because no system is safe for hackers if your wallet is accessible online, even you used third party apps that makes your wallet more secure it will still not help, that is why most experts recommends using a hardware wallet like ledger and trezor because it will be very difficult for hackers to access in that kind of wallet that can you store offline.

[Artemis3]

The fact is, more and more people are using mobile wallets and everyone wonders how safe they are. I can only say that so far I have only used the Electrum Android version and that I have no objection to anything related to that wallet. I find it safe until the opposite is proven, and for bigger amounts, I will never use it anyway.

I know that this project is solely focused on the security of mobile wallets, but the security of the operating system itself should not be neglected. For example, if you use a very old version of Android that no longer supports updates/patches, any mobile wallet in such a potentially dangerous environment is just an extra risk, no matter how safe it is. It should also be highlighted that most people do not perceive the security of their smartphones as something important, as if there were no viruses/malware for Android/iOS.

I also have only used Electrum in Android, and for small amounts its adequate. Remember your phone could be stolen/lost at anytime, so its not just the OS weaknesses. Of course that has a pin, and if stolen you would have enough time to retrieve your seed words home and move anything out before they manage to guess it (unless they already saw you).

In any case being inherently riskier, mobile wallets should be relegated for very small, perhaps a day worth of use at most.

I don't particularly trust anything not open source to begin with. And Android is plagued from that, just like Windows. Linux can't help when surrounded by closed software, which is how its done in Android. Suppose that joke about windows going Linux as kernel becomes reality, its still a piece of malware ridden garbage because everything else is insecure.

And yes, Apple is very insecure for the very same reason as well. No code, no proof of you not sneaking on my back.

[kryptqnick]

Android is too unsecure platform to store wallet there

Yeah, I like the project with researching the security of wallets, but why are you looking specifically at Android Wallets? I mean, does the majority of users even store Bitcoins on Android..? I thought people preferred online versions and cold wallets instead. I would never install a wallet onto my smartphone, for instance. And since the article about the methodology of this project admits that verifiability does not really say about much, I wonder whether the team is thinking about improving the methodology by adding some other factors to consider. It could be really useful to know which wallets are more secure and which are less, but limiting the project to, basically, exit scam possibility for Android wallets seems too narrow.

[Pearls Before Swine]

The title of this topic is clickbait. And I fell for it.

It is, and I didn't.  I hate 'listicles', and they're everywhere.

Anyway, I don't know how good op's project is in terms of accuracy, but whether it is or isn't, people need to watch what kinds of crypto apps they put on their phones anyway, not just wallets.  It's possible for someone to install a coin stealer onto your phone, tho I haven't heard of this being done yet...and it may be that I've just never heard of it happening, but it could have.

If it's bitcoin you're storing on your phone, I'd only use one of the trusted wallets like electrum or mycelium which have been around for years and haven't had security issues.  None of the newer wallets offer any real advantages over those two.  And I'm not even sure if there's a multi coin wallet that's been proven to be secure.

[bluudz]

Even in the experimental phase its great idea and I hope you will carry on working on it. We all assume that all wallets are being verified and checked by peers, just based on fact someone says its open source, but now I can see that is far from truth! I'd love to see initiatives like this to grow and so rest of us can have more insight into how secure and open and verifiable our wallets really are!

I hope you plan in future to involve even PC/Linux/Mac wallets in your project!
Thanks for good work

[kanayaTabitha]

We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome

Already good and really helpful for the new people who hasn't determined which wallet thay gonna use. You should add more wallet to review and make a filter for that list, or search bar would be help a lot if people want to check their wallet is secure or not. Also you need to mentioning your analysis criteria before you qualify the wallets.

[taufik123]

I, as a Blockchain Wallet user, see that this worries me about the security of my assets. Blockchain Wallet Still Not Verifiable!
will it still be safe?
Didn't you give a message to Blockchain Wallet to solve this Not verifiable problem.
Blockchain Wallet has the most users and the highest rating.

[giszmo]

One suggestion is to introduce a thread in the technical and wallet section for Bitcoin. There are actual wallet users there who are good with coding (I'm not one of them) who, if interested could try out your code. How many programmers do you have?

Sorry, what? We are currently two developers following build instructions found on wallet projects. We are both Android Bitcoin Wallet developers, so we certainly are more up to this task than the average user who wants to compile the wallet for himself but we do not code much. Just the website.

So I saw this post and clicked on it.
Hmm, can't build bitpay wallet, can't build copay cant find bitcoin.com
As a NOOB I built copay took about an hour.

We disclosed our findings in great detail, including the date we did our investigation. If back when you did it or now, things are different, that might explain it and we might give it another shot.

Bitcoin.com is a copay clone, took about 3.2 seconds of searching to find it:
https://github.com/Bitcoin-com/Wallet

That repository has its last code update in June, while the wallet on Google Play's last update was in October. This repository was not linked from Google play or their website. Why should I assume it's relevant?

<RANT>

While we have a commitment with Mycelium, we also have a private life and while we do work for the company, we do not call the shots. Also Mycelium still owes me money since June and Rassah?? Do you live under a rock? He's not with Mycelium since years and said so in various occasions.

I can only say that so far I have only used the Electrum Android version and that I have no objection to anything related to that wallet. I find it safe until the opposite is proven, and for bigger amounts, I will never use it anyway.

That's the problem. Those wallets have not millions of dollars under management, they have millions of users that have god knows how many dollars in their wallets. This is a huge incentive for anybody who could pull it off, to leak the private keys to then empty all wallets at once. This is also a huge incentive to provide a wallet for free that many people use and trust. To pay people to do great support and to go to conferences ...

if you use a very old version of Android that no longer supports updates/patches, any mobile wallet in such a potentially dangerous environment is just an extra risk, no matter how safe it is. It should also be highlighted that most people do not perceive the security of their smartphones as something important, as if there were no viruses/malware for Android/iOS.

Yes, this is an issue and why I use a "GoogleOne" phone, which comes with guaranteed updates for years. On the other hand, wallets can alert their users about security issues and I know Mycelium alerts users that try to run it on certain insecure versions of Android. In the end, Android is pretty secure though. More secure than your average Windows certainly.

experts recommends using a hardware wallet

Totally agree. Never put life-changing amounts in anything but a trusted hardware wallet. If you manage amounts that would change the life of many people, don't trust any single hardware wallet neither. Use multi signature with at least 3 brands of hardware wallet and pay somebody who knows how that works. Don't try that at home with that amount of money.

In any case being inherently riskier, mobile wallets should be relegated for very small, perhaps a day worth of use at most.

Thanks to the backup I trust my Android with more money than my leather wallet. Losing one is not like losing the other. For any serious money, other wallets are more suited.

I don't particularly trust anything not open source to begin with. And Android is plagued from that, just like Windows. Linux can't help when surrounded by closed software, which is how its done in Android.

To be fair, sandboxing on Android is pretty good. With your argument you could also say to not use the web cause of Java Script being insecure. Sometimes Browser makers screw up but usually it's so much more secure than to install apps on your Windows where the app can do whatever with the storage of all the other apps ...

Android is too unsecure platform to store wallet there

Yeah, I like the project with researching the security of wallets, but why are you looking specifically at Android Wallets? I mean, does the majority of users even store Bitcoins on Android..?

Android is what I know as a contributor at Mycelium and I see the issue there, with more than 20 million downloads for the wallets I investigated.
If people care, we might expand to other platforms and maybe also other apps but for now, Android is already quite a lot of apps to look after.

And since the article about the methodology of this project admits that verifiability does not really say about much, I wonder whether the team is thinking about improving the methodology by adding some other factors to consider. It could be really useful to know which wallets are more secure and which are less, but limiting the project to, basically, exit scam possibility for Android wallets seems too narrow.

If people care, we will expand. For now, there are only 3 wallets "green", so it's kind of pointless to be more strict and have them all red. My hope is that some 10 of the open source wallets fix their build setup so we can verify it and then we raise the bar. We would love to test new releases in real time and alert users if a verifiable app turned non-verifiable. We would also like to list bug bounties paid by the different projects, so security researchers get on board for the better paying ones.

Anyway, I don't know how good op's project is in terms of accuracy, but whether it is or isn't, people need to watch what kinds of crypto apps they put on their phones anyway, not just wallets.  It's possible for someone to install a coin stealer onto your phone, tho I haven't heard of this being done yet...and it may be that I've just never heard of it happening, but it could have.

Android is pretty good at sandboxing apps. One app should not be able to reach into another app's sandbox unless you give it root access. Keep your Android updated and it's pretty secure. More secure than Windows for sure.

If it's bitcoin you're storing on your phone, I'd only use one of the trusted wallets like electrum or mycelium which have been around for years and haven't had security issues.  None of the newer wallets offer any real advantages over those two.  And I'm not even sure if there's a multi coin wallet that's been proven to be secure.

There is no such thing as proven to be secure. Any wallet provider in distress might turn evil. So you trust Mycelium? I'm compiling the release versions for that wallet. How do you know you can trust it? Maybe somebody took my family hostage. Do you believe I care more about your bitcoins than their life? Maybe somebody infected my work laptop with a malware that injects a backdoor when I compile the wallet. Those are the reasons why reproducibility matters even for closed source projects. You have to check every build. At Mycelium, if there is a backdoor in our wallet, not only must I have missed it, my whole team and interested outside security researchers must have missed it as every release is compiled and verified by other team members and the public source code is pushed before we push the apk to Google Play. All this happens behind the scenes but it matters greatly and only if the app is publicly verifiable can people hope that it's actually been verified.

I hope you plan in future to involve even PC/Linux/Mac wallets in your project!
Thanks for good work

We certainly would hope to get the funding necessary to focus on this project and expand it to cover all wallets. For now we have to see how the community receives the project.

Already good and really helpful for the new people who hasn't determined which wallet thay gonna use. You should add more wallet to review and make a filter for that list, or search bar would be help a lot if people want to check their wallet is secure or not.

Which wallets should we add? Please provide a link to Google Play if you want us to review your wallet of choice. We only looked at what we know and could easily find.
Every browser should have a search feature

Already good and really helpful for the new people who hasn't determined which wallet thay gonna use. You should add more wallet to review and make a filter for that list, or search bar would be help a lot if people want to check their wallet is secure or not.

Check out our Methodology page.

I, as a Blockchain Wallet user, see that this worries me about the security of my assets. Blockchain Wallet Still Not Verifiable!
will it still be safe?
Didn't you give a message to Blockchain Wallet to solve this Not verifiable problem.
Blockchain Wallet has the most users and the highest rating.

I'm glad you care and I don't want to say you shouldn't but as you see you are not alone in trusting your money to a wallet that cannot be publicly scrutinized. I hope that many of the anyway open source wallets will come around and fix their setup so they can be easily audited. I bumped this issue and maybe you want to state your concern to them there, too.

[Lucius]

That's the problem. Those wallets have not millions of dollars under management, they have millions of users that have god knows how many dollars in their wallets. This is a huge incentive for anybody who could pull it off, to leak the private keys to then empty all wallets at once. This is also a huge incentive to provide a wallet for free that many people use and trust. To pay people to do great support and to go to conferences ...

Risk is always present, there is no guarantee for any type of wallet in terms of 100% security. But we can still try to minimize this risk by prioritizing a specific type of wallets. I used to consider desktop wallets pretty safe as a beginner, then I began to doubt them more and more, so I invested in a hardware wallet, but today I cannot say that I have complete confidence in such storage. Not because I think I might fall victim to an individual hack, but because of what you're talking about, and it's some kind of imaginary global hack that would do immeasurable damage.

While I'm not sure how technically feasible this is (when it comes to hardware wallets), desktop/mobile wallets are certainly vulnerable to large-scale attacks. I think that for storing larger amounts, only a properly made paper wallet guarantees an extremely high degree of security, of course with the risk of damage or theft which is always present.

[Amel]

One suggestion is to introduce a thread in the technical and wallet section for Bitcoin. There are actual wallet users there who are good with coding (I'm not one of them) who, if interested could try out your code. How many programmers do you have?

Sorry, what? We are currently two developers following build instructions found on wallet projects. We are both Android Bitcoin Wallet developers, so we certainly are more up to this task than the average user who wants to compile the wallet for himself but we do not code much. Just the website.

Yeah it looks like you already have a lot of experience about the security of android wallets. And maybe you also have many clients who consult to improve the security of their wallet projects. Only one question I have? is it possible for an android wallet to have security like a hardware wallet?

Maybe it's possible, by not connecting the internet but is there another way?

[giszmo]

Risk is always present, there is no guarantee for any type of wallet in terms of 100% security. But we can still try to minimize this risk by prioritizing a specific type of wallets. I used to consider desktop wallets pretty safe as a beginner, then I began to doubt them more and more, so I invested in a hardware wallet, but today I cannot say that I have complete confidence in such storage. Not because I think I might fall victim to an individual hack, but because of what you're talking about, and it's some kind of imaginary global hack that would do immeasurable damage.

Actually with multisignature you can get very far in terms of security. Create a wallet involving your iphone, your android, your Windows PC, your Linux laptop and your hardware wallet and create a 5-of-5 wallet. What are the odds that this setup steals your coins?

While I'm not sure how technically feasible this is (when it comes to hardware wallets), desktop/mobile wallets are certainly vulnerable to large-scale attacks. I think that for storing larger amounts, only a properly made paper wallet guarantees an extremely high degree of security, of course with the risk of damage or theft which is always present.

Paper wallets are vastly inferior to hardware wallets as whoever finds them gets control of the coins. The hardware wallets are strictly superior, as you can restore your paperwallet private key on a hardware wallet and gain the protection against thieves without losing anything.

eah it looks like you already have a lot of experience about the security of android wallets. And maybe you also have many clients who consult to improve the security of their wallet projects. Only one question I have? is it possible for an android wallet to have security like a hardware wallet?

Maybe it's possible, by not connecting the internet but is there another way?

We so far are not offering consultancy. Android wallets cannot offer the same security as hardware wallets even with secure elements but that's a long topic. Android phones would need special hardware to indicate the operation of secure code for that and it would still have a much bigger attack surface than a Trezor for example.

[Lucius]

Paper wallets are vastly inferior to hardware wallets as whoever finds them gets control of the coins. The hardware wallets are strictly superior, as you can restore your paperwallet private key on a hardware wallet and gain the protection against thieves without losing anything.

It's the same situation if someone finds a seed from a hardware wallet, most people save their backup on paper. In the end, it comes down to how well or badly someone protects their backup. I am not sure how you think to restore private key from paper wallet on a hardware wallet, as far I know most wallet support only seed words, and that seed is created by hardware wallet, it should be entered only there.

By importing private key/s from paper wallet there is always a risk that coins can be stolen, in most cases by fake wallets, or if user for some reason tries to type private key manually and his device is infected with keylogger/RAT virus.

[giszmo]

It's the same situation if someone finds a seed from a hardware wallet, most people save their backup on paper. In the end, it comes down to how well or badly someone protects their backup. I am not sure how you think to restore private key from paper wallet on a hardware wallet, as far I know most wallet support only seed words, and that seed is created by hardware wallet, it should be entered only there.

By importing private key/s from paper wallet there is always a risk that coins can be stolen, in most cases by fake wallets, or if user for some reason tries to type private key manually and his device is infected with keylogger/RAT virus.

If you are worried about your backup being found by the wrong person, you can always buy 2 hardware wallets and put the same key on both of them and use one as backup.

Importing private keys sounds scary. The Android clipboard can be monitored by all installed apps without even an extra permission and as soon as the user copies the private key, all malicious apps race to broadcast their attempt of stealing the funds

[NeuroticFish]

May I pick on the "reputed publishers" there? Do you know who they are? If the publisher hides in secrecy, that on its own is a huge red flag for me.

I think that in some cases it may simply be "something missing", not "bad intentions". My choice for using the word "reputed" here was because I think that people do trust some of those wallets and the teams behind them.

and a hardware wallet still costs over $100

A hardware wallet can be bought nowadays at 65$, so although the logic is correct, the numbers are smaller (1300$ instead of 2000$ !!).

Maybe we can move the "analysis protocols" into separate documents for the more technically inclined audience?

What I meant was something like the + signs in Microsoft download pages, maybe done even smarter (I don't know if it's possible to "cascade" this feature).

[DaveF]

So I saw this post and clicked on it.
Hmm, can't build bitpay wallet, can't build copay cant find bitcoin.com
As a NOOB I built copay took about an hour.

We disclosed our findings in great detail, including the date we did our investigation. If back when you did it or now, things are different, that might explain it and we might give it another shot.

This puts you in an kind of never ending loop as everything is always in flux.
You should put more detail in the testing then.
If you really want to do it then put tested Date-Month-Year. Version tested AND what was the latest version available at the time of your test. etc.

For example:
You have 3.0.0.23 as the version you used to test mycelium that is from the end of September. It's mid December and the version Google Play just put on my phone was 3.2.0.11.

Bitcoin.com is a copay clone, took about 3.2 seconds of searching to find it:
https://github.com/Bitcoin-com/Wallet

That repository has its last code update in June, while the wallet on Google Play's last update was in October. This repository was not linked from Google play or their website. Why should I assume it's relevant?

It's linked from the app. You can actually click on something in the app to get to the github.
I will give you the version might be different. Did not look, just saw the link. So that's on me.

<RANT>

While we have a commitment with Mycelium, we also have a private life and while we do work for the company, we do not call the shots. Also Mycelium still owes me money since June and Rassah?? Do you live under a rock? He's not with Mycelium since years and said so in various occasions.

A few things in there:
1) If mycelium owes you money and you are doing work for them, that should also be stated in the review. Because sooner or later I would think you are going to have to cut your losses and that is also relevant to wallet security. That is just my opinion, you can keep working for free but I would assume it would fall lower on your priority list as time goes on.

2) Rassah is still the mod of the mycelium forum and although claims to not have any affiliation with them (don't know why he would lie) he was still a contact point. Now everyone get's to bug you about the bugs....

3) You did not address the rest of what was in my rant such as the syncing issues, the dead support links, the ads that still come on when turned off [as of 3.2.0.11 it still did it but not with any regularity]. And that is fine, you don't need to defend your project to random internet stranger. But, do not pretend they don't exist. Because saying that the code on github matches the compiled version is only part of the issue. If you have to export your keys to another wallet because the one you are using does not sync then the code is not really important is it?


-Dave

[giszmo]

What I meant was something like the + signs in Microsoft download pages, maybe done even smarter (I don't know if it's possible to "cascade" this feature).

For what it's worth, the scary "code" blocks are now limited to 25 lines. Inclined users can still scroll inside those boxes but it's certainly less scary now. We will improve that further after some urgent updates.

This puts you in an kind of never ending loop as everything is always in flux.
You should put more detail in the testing then.
If you really want to do it then put tested Date-Month-Year. Version tested AND what was the latest version available at the time of your test. etc.

For example:
You have 3.0.0.23 as the version you used to test mycelium that is from the end of September. It's mid December and the version Google Play just put on my phone was 3.2.0.11.

We are aware of that. The current iteration of the project is "all manual" but if there is interest (read: money to be earned), we will automate the process and alert users of issues. We are considering the fact that Android can be rolled out in different versions to different countries and that reviewing huge changes is more time consuming than reviewing small changes. It's just that the status quo is miles away from caring about actual reviews. Reviewability is the current mission.

Bitcoin.com is a copay clone, took about 3.2 seconds of searching to find it:
https://github.com/Bitcoin-com/Wallet

That repository has its last code update in June, while the wallet on Google Play's last update was in October. This repository was not linked from Google play or their website. Why should I assume it's relevant?

It's linked from the app. You can actually click on something in the app to get to the github.

As stated on our page, we considered the Playstore description and the project's website, not the app itself and we will not change that, as apps can't be parsed without having the source code in the first place.

A few things in there:
1) If mycelium owes you money and you are doing work for them, that should also be stated in the review. Because sooner or later I would think you are going to have to cut your losses and that is also relevant to wallet security. That is just my opinion, you can keep working for free but I would assume it would fall lower on your priority list as time goes on.

Absolutely! I still do get money. Less money for less work though.

2) Rassah is still the mod of the mycelium forum and although claims to not have any affiliation with them (don't know why he would lie) he was still a contact point. Now everyone get's to bug you about the bugs....

In bitcointalk you mean? I had no idea that that was something of interest to people. For all I know it never was an official company outlet.

3) You did not address the rest of what was in my rant such as the syncing issues, the dead support links, the ads that still come on when turned off [as of 3.2.0.11 it still did it but not with any regularity]. And that is fine, you don't need to defend your project to random internet stranger.

There is not much to address there. Syncing issues should be fixed. There is no support, right. Media-flow-opt-out should work from 3.2.0.17 on.

But, do not pretend they don't exist. Because saying that the code on github matches the compiled version is only part of the issue. If you have to export your keys to another wallet because the one you are using does not sync then the code is not really important is it?

The walllet being verifiable is the subject of our project and having to restore your mnemonic on a different wallet is a minor detail compared with a wallet pulling an exit scam. My mission is to make exit scams harder.

[virasog]

Android is too unsecure platform to store wallet there

You need to increase your knowledge about the wallets. You store the wallets on your desktop/ laptop or on your mobile phone, there is no difference in security and risk. For example you can store your coins in electrum wallet either in your PC or through Electrum app for Android. You will get the same security.

[giszmo]

Android is too unsecure platform to store wallet there

You need to increase your knowledge about the wallets. You store the wallets on your desktop/ laptop or on your mobile phone, there is no difference in security and risk. For example you can store your coins in electrum wallet either in your PC or through Electrum app for Android. You will get the same security.

Well, the answer is certainly more nuanced than that.

On your desktop you usually run Windows, Mac or Linux and the security models differ quite dramatically. And the way people use those systems varies. If you keep your system updated and don't install anything, you are more secure than if you regularly install pirated software or otherwise software from untrusted sources.

That said, Android is really good at sandboxing, so one app should not have access to another app's storage, so it's much harder to screw up on Android than on Windows.

Lastly, larus maybe wasn't talking about desktops but about hardware wallets cause with these it's even harder to lose your bitcoins.

[coin-investor]

We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome

It's nice that you have set up this kind of project for the community, it surely is a big help for all of us, since everybody here is using all those wallets listed in your websites, I'm glad that all the wallet that I'm currently using are all verified, I have bookmarked your site for future reference and recommendation.

[giszmo]

It's nice that you have set up this kind of project for the community, it surely is a big help for all of us, since everybody here is using all those wallets listed in your websites, I'm glad that all the wallet that I'm currently using are all verified, I have bookmarked your site for future reference and recommendation.

Thanks for your kind words but we do not verify much. We only test if the wallets at the time of our test can be audited. An audit itself would cost tens of thousands of dollars per wallet and would be outdated with the next release. As this is not a practical thing to expect, we will go in a slightly different direction and make sure the incentives are there for finding the one issue through something like bug bounties.

[dvmmayowa]

I must really commend you for this type of project, as promising and valuable the crypto industry seems, there are some loose ends that needs to be tied just as the one you're doing
Not everyone is tech savvy, some are just bloody investors that doesnt even know how reliable their wallets are but with projects like this, then we can always be sure of what type of wallets to rely on.
I used to be a very good fan of atomic wallet until i checked up website and discovered that i am standing a risk of having my wallet security compromised at any time.
Kudos for your great efforts once again!!

[OmegaStarScream]

There is a new LN wallet called Shockwallet (Alpha): https://github.com/shocknet/wallet

Also, why is Bitrefill even listed there? Just because you can deposit funds into your account doesn't make the app a wallet does not necessarily make the app a wallet.

[giszmo]

I must really commend you for this type of project, as promising and valuable the crypto industry seems, there are some loose ends that needs to be tied just as the one you're doing
Not everyone is tech savvy, some are just bloody investors that doesnt even know how reliable their wallets are but with projects like this, then we can always be sure of what type of wallets to rely on.
I used to be a very good fan of atomic wallet until i checked up website and discovered that i am standing a risk of having my wallet security compromised at any time.
Kudos for your great efforts once again!!

Thanks! Please keep in mind that WalletScrutiny so far only tests verifiability. It does not verify the source code itself. This is something for some phase two.

There is a new LN wallet called Shockwallet (Alpha): https://github.com/shocknet/wallet

Currently I only add wallets that are on Google Play. If you have a link to their store listing, I add it to WalletScrutiny.

Also, why is Bitrefill even listed there? Just because you can deposit funds into your account doesn't make the app a wallet does not necessarily make the app a wallet.

The criteria of being listed at all is that it looked a bit like a wallet. BitRefill in particular is a custodial service, so it's not a wallet but a "Bitcoin bank". This should be clear from how it's represented. If you wouldn't be able to lose "your" bitcoins with them, it would be "not a wallet".