Topic: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable
giszmo
December 30, 2019, 11:03:12 AM
Merited by suchmoon (4), ETFbitcoin (3), o_e_l_e_o (3), mk4 (1), hugeblack (1), Heisenberg_Hunter (1), igor72 (1)
 #1

At WalletScrutiny today we finished our first round assessing the 84 apps we had found to look like maybe being relevant Android Bitcoin wallets. The results are grim:

  • 3 are verifiably built from the project's published source code
  • 21 apps claim to be open source but either we failed to compile them from the information provided on their repositories or the compilation result differed non-trivially from the app found on Google Play. Trivial differences would be file timestamps, differences in a few files that can be quickly understood to be harmless, like an API key not being included in the repository, although that is pointless as it sticks out in the diff even more.
  • 25 apps are closed source meaning neither the Playstore description, nor their website nor GitHub searched for their appId revealed any source code
  • 19 apps are for custodial services, the biggest being Coinbase. Coinbase recently reached 10 million downloads and with no other app reviewed having even 5 million, that is more users on Coinbase than on all open source wallets combined. Being your own bank ... not so much :(
  • 18 apps turned out to be either not wallets, not for Bitcoin or they had only 1000 downloads or less.

This project is only getting started. If you want to look behind the curtain and maybe want to contribute, source for the website is public.

Now the next steps are:

  • Automate verification for wallets that were verifiable once
  • Efficiently collect wallet updates
  • Alert when verification fails
  • Build awareness

If you don't understand what this is about or think it is not important, consider this:

If you are the release manager of a wallet, would you tell your brother to trust your app? Should you trust it? After all it was you who pushed that compile button, right?
Well, if your computer has a backdoor, your compiler might bake in some wallet-stealing "feature" into every version of your app without your knowledge.
How big is the incentive to plant such a backdoor? For some wallets it is gigantic. Hundreds of millions of dollars. Criminals would kill for that amount, which brings me to the second issue:
What if somebody puts you under duress? If whatever you build is not being verified by a second person, ideally far away on an unrelated system, you can't trust yourself and nobody can trust you to release the software you should release. If in an open source project, verification is not easily possible, most likely it is not done internally.

WalletScrutiny.com: Is your wallet secure? (Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
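
The comparison described in post #1, as an added example that is not part of the original post and not WalletScrutiny's own tooling: it hashes the uncompressed content of each archive entry so that timestamp-only differences disappear and only the entries that need an explanation remain. The function names, the sample archives and the choice to skip `META-INF/MANIFEST.MF` are assumptions made for this illustration.

```python
import hashlib
import io
import zipfile

# JAR-style signing files: they depend on the developer's private key, so a
# rebuild can never reproduce them. Skipping MANIFEST.MF is an assumption.
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")

def is_signing_file(name):
    up = name.upper()
    signed = up.endswith(SIGNING_SUFFIXES) or up == "META-INF/MANIFEST.MF"
    return up.startswith("META-INF/") and signed

def content_digests(apk_bytes):
    # Map entry name -> SHA-256 of the uncompressed content. Hashing content
    # instead of archive bytes ignores timestamps, entry order and compression.
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or is_signing_file(info.filename):
                continue
            if info.filename in digests:
                raise ValueError("duplicate entry: " + info.filename)
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def compare_apks(built, published):
    """Return the entries a reviewer still has to explain."""
    a, b = content_digests(built), content_digests(published)
    return {
        "only_in_built": sorted(set(a) - set(b)),
        "only_in_published": sorted(set(b) - set(a)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }

def make_apk(files, date_time):
    """Build a constructed sample archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()

# Constructed sample: same code, different timestamps, one embedded API key.
SOURCE = {"classes.dex": b"dex", "assets/config.json": b'{"api_key": ""}'}
BUILT = make_apk(SOURCE, (2019, 12, 30, 11, 0, 0))
PUBLISHED = make_apk({**SOURCE, "assets/config.json": b'{"api_key": "x"}',
                      "META-INF/CERT.RSA": b"sig"}, (2019, 12, 1, 9, 0, 0))
REPORT = compare_apks(BUILT, PUBLISHED)
```

In this sample the only entry left in `REPORT["changed"]` is the config file carrying the API key, which is the kind of difference the post says sticks out in the diff.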
joniboini
December 31, 2019, 03:51:33 AM
 #2

On your website, you said that Trust Wallet has no source ("Without public source available, this app cannot be verified!"). But they do have a GitHub https://github.com/trustwallet. Does this mean you don't take that as a source or you can't find the repo for the app? Or this is because of that appid thing?

They do have a building guide tho https://developer.trustwallet.com/wallet-core/developing-the-library/building, with the source to be https://github.com/trustwallet/wallet-core. Did anyone try it yet?


giszmo
December 31, 2019, 05:28:11 AM
 #3

> On your website, you said that Trust Wallet has no source ("Without public source available, this app cannot be verified!"). But they do have a GitHub https://github.com/trustwallet. Does this mean you don't take that as a source or you can't find the repo for the app? Or this is because of that appid thing?
>
> They do have a building guide tho https://developer.trustwallet.com/wallet-core/developing-the-library/building, with the source to be https://github.com/trustwallet/wallet-core. Did anyone try it yet?

Please read the article on that wallet. It explains all we did to come to our conclusion. Let me know if that finding is outdated.

giszmo
December 31, 2019, 11:33:56 AM
 #4

> Stop recommending Blockstream Green Wallet. They are baddddddddd. A big one

We are not recommending any wallets. Our hope was to drive awareness for the issue of verifiability and there are bad things to say about all 3 wallets listed as "verifiable" but no wallet is perfect and all the other wallets are potentially losing all the money of all their users at once without security researchers having a chance of detecting it before it happens. And most likely even the team is not exercising build verification, so a release manager in distress might be all it takes for all users losing their money.

That said, what is so bad about Green Wallet?

hugeblack
December 31, 2019, 11:40:25 AM
 #5

> Stop recommending Blockstream Green Wallet. They are baddddddddd. A big one
sorry about that. I missed clicking on send.
I edited it.

> That said, what is so bad about Green Wallet?

Once they claim "non-custodial," this does not mean that they are telling the truth.
The company uses multi-sig addresses, meaning that in some cases (2 of 2 address) there are two private keys for sending currencies, the first is yours and the second is for the company.
Indeed, the company can not spend money without your permission, but you can't.


What will happen if the internet crashes in the area where the company is located, you will not be able to spend your money. The same thing happens when they charge high fees. Also, you cannot claim Hardforks.

Therefore, I do not recommend using it for beginners, or at least tell them about using 2 of 3 addresses.





giszmo
December 31, 2019, 12:22:32 PM
 #6

> Once they claim " non-custodial," this does not mean that they are telling the truth.
> The company uses multi-sig addresses, meaning that in some cases (2 of 2 address) there are two private keys for sending currencies, the first is yours and the second is for the company.
> Indeed, the company can not spend money without your permission, but you can't.

I might be wrong there but my understanding is that the script is a slight bit more complicated. Their 2of2 protects you as you can define rules and they enforce them by not signing if somebody tries to empty your account all at once but if they disappear or charge a huge fee, your funds can be spent with just one key - your key - after one year.

hugeblack
December 31, 2019, 01:09:41 PM
 #7

> I might be wrong there but my understanding is that the script is a slight bit more complicated. Their 2of2 protects you as you can define rules and they enforce them by not signing if somebody tries to empty your account all at once but if they disappear or charge a huge fee, your funds can be spent with just one key - your key - after one year.

The use of "non-custodial" is completely wrong. Perhaps we can describe them as "Split Custody Wallets."
The issue is gray, you can spend coins even if the network is not available, but you will need to wait & some effort. I think beginners should be warned about this.

(2of2 Recovery Case)
You can spend using nLockTime feature, which enables you to sign transactions by default after a certain time "90 days by default"  then use a tool to be able to send your coins.

Read more ----> https://github.com/greenaddress/garecovery





giszmo
January 01, 2020, 12:19:40 AM
 #8

> The use of "non-custodial" is completely wrong. Perhaps we can describe them as "Split Custody Wallets."
> The issue is gray, you can spend coins even if the network is not available, but you will need to wait & some effort. I think beginners should be warned about this.
>
> (2of2 Recovery Case)
> You can spend using nLockTime feature, which enables you to sign transactions by default after a certain time "90 days by default"  then use a tool to be able to send your coins.
>
> Read more ----> https://github.com/greenaddress/garecovery

I see your point and this is not the only wallet where things are not as black or white as we would hope for. I personally consider it a great and unique feature with little down-side but I would also love to allow critical voices to be accessible from the project. What about a block with a Twitter feed showing tweets mentioning both the wallet and @WalletScrutiny? Would also help to spread the word.

pooya87
January 01, 2020, 04:09:56 AM
 #9

> > I might be wrong there but my understanding is that the script is a slight bit more complicated. Their 2of2 protects you as you can define rules and they enforce them by not signing if somebody tries to empty your account all at once but if they disappear or charge a huge fee, your funds can be spent with just one key - your key - after one year.
>
> The use of "non-custodial" is completely wrong. Perhaps we can describe them as "Split Custody Wallets."
> The issue is gray, you can spend coins even if the network is not available, but you will need to wait & some effort. I think beginners should be warned about this.
>
> (2of2 Recovery Case)
> You can spend using nLockTime feature, which enables you to sign transactions by default after a certain time "90 days by default"  then use a tool to be able to send your coins.
>
> Read more ----> https://github.com/greenaddress/garecovery

the right way of implementing a multi signature scheme as some sort of 2FA is how Electrum does it meaning a 2of3 set up where the user owns 2 keys and the third party server owns the one key. user stores one of his keys in his hot wallet and the other he backs up by writing it down on a piece of paper. then if some day the server had any issues he can easily access his funds by accessing that backup key.
the github link suggests that greenwallet supports this but apparently not by default?

giszmo
January 01, 2020, 10:21:04 PM
 #10

> the right way of implementing a multi signature scheme as some sort of 2FA is how Electrum does it meaning a 2of3 set up where the user owns 2 keys and the third party server owns the one key. user stores one of his keys in his hot wallet and the other he backs up by writing it down on a piece of paper. then if some day the server had any issues he can easily access his funds by accessing that backup key.
> the github link suggests that greenwallet supports this but apparently not by default?

That is a good point. As they have to get the user to do a backup anyway, pushing to make two separate backups should not be that awkward and it would solve the problem with the timelock being a timelock when you might need the money.

Ping me on this issue if I forget to update the article.
