Sparrow Bitcoin Wallet

[dkbit98]

a new version was released today... the new 2.5.1 includes two bug fixes and an update.
you can see exactly what they are by visiting the following link: https://github.com/sparrowwallet/sparrow/releases/tag/2.5.1

It's interesting that Sparrow wallet is the first wallet that supports BIP375, that is sending Silent Payments with PSBT, that means that hardware signer can participate in constructing a transaction for sending to Silent Payment address.
That means that we should have more hardware wallets adding support for Silent Payments soon, and I hope Trezor and BitBox are going to be one of the first devices to do it.

[satscraper]

Latest Sparrow 2.5.2 release went to life

This release contains two very important bullets for Silent Payments. They are : "Improve verification of loaded PSBTs to warn on non-default sighash types" and "Improve BIP375 verification of precomputed SP outputs in PSBTs". These changes strengthen Sparrow’s ability to prevent funds from being sent to unspendable or suspicious scripts.

[nc50lc]

This release contains two very important bullets for Silent Payments. They are : "Improve verification of loaded PSBTs to warn on non-default sighash types" -snip-

I wonder why they quickly changed the wordings of this update from "...may be unsafe to sign" into moderate "Review this PSBT carefully...".

Since they do not allow signing with other sighash if you're using an SP Sparrow Wallet, perhaps it's an additional warning for another issue that should be called "unsafe".
E.g.: To warn their users so that they wouldn't sign a PSBT with "SighHash_None" or similar SigHash that could lead to stolen funds, but other SigHash aren't unsafe so the warning is toned down to "review it".
I actually mentioned this because I've seen threads that discussed that and there have been some real-world victims of that example scenario.
It's good that they've addressed that even if it's quite late and may be unintentional if the update is specific for Silent Payment.

[dkbit98]

I tried generating Silent Payment address with Sparrow wallet, but it was not working correctly for some reason.
I even tried connecting hardware wallet but Silent Payment address also didn't show and wrong hardware wallet was detected in SP menu.
Note that I used the latest Sparrow version 2.5.2, and I don't even own Trezor Model T device.

[satscraper]

I tried generating Silent Payment address with Sparrow wallet, but it was not working correctly for some reason.
I even tried connecting hardware wallet but Silent Payment address also didn't show and wrong hardware wallet was detected in SP menu.
Note that I used the latest Sparrow version 2.5.2, and I don't even own Trezor Model T device.

It’s strange that you tried to connectTrezor Model T to Sparrow Wallet in checking SP loop , because according to your own thread the only hardware wallet that supports SP right now is BitBox02 ^{and even that support is only partial}. So the outcome of your experiment was predictable.

Personally, I’m waiting for Foundation to add SP support to their products. Once that happens, I’ll try experimenting with pairing my Passport Core with Sparrow for SP transactions.

[dkbit98]

It’s strange that you tried to connectTrezor Model T to Sparrow Wallet

Like I said before, I never owned Trezor Model T, so Sparrow wallet is detecting this wrong, it's probably some bug.
I even tried generating Silent Payment addresses without any hardware wallet connection, but it was not working with Sparrow wallet.
There are no issues when I do it in Cake wallet.

[satscraper]

I even tried generating Silent Payment addresses without any hardware wallet connection, but it was not working with Sparrow wallet.

Strange. Mine generated the Silent Payment address properly. Unlike ordinary wallets, there should be only one Silent Payment address bound to each account in your wallet. If you need more, you must create additional accounts. Silent Payments are intentionally designed this way.

To see the generated Silent Payment address, you need to press the Receive button. It will show you the address and the corresponding QR code.

If you press the Addresses button instead, it will show nothing until you have received some funds to that address.

[Forsyth Jones]

the only hardware wallet that supports SP right now is BitBox02 ^{and even that support is only partial}. So the outcome of your experiment was predictable.

I own the Bitbox02 (the classic one, not the nova). AFAIK it only supports SP for sending. Does Sparrow with an integrated hardware wallet support SP? And what about a hardware wallet with partial SP support on Sparrow?

I could test it here with the Bitbox02 if I can find it.

[nc50lc]

I tried generating Silent Payment address with Sparrow wallet, but it was not working correctly for some reason.

Does it show anything interesting in "Help->Show Log File" menu? Anything related to the error.
Of course, refer to the timestamp exactly/close to when you seen that error or when you reproduced it.

[satscraper]

the only hardware wallet that supports SP right now is BitBox02 ^{and even that support is only partial}. So the outcome of your experiment was predictable.

I own the Bitbox02 (the classic one, not the nova). AFAIK it only supports SP for sending. D

BitBox02  ^{like any other hardware wallet} does not need to support Silent Payments receiving, because it is offline device. Receiving Silent Payments means being able to scan the blockchain, and this is done entirely by the software app to which the hardware wallet is paired. The paired software app performs the blockchain scanning and the necessary ECDH operations.

Does Sparrow with an integrated hardware wallet support SP? And what about a hardware wallet with partial SP support on Sparrow?

When you pair your BitBox02 with Sparrow the latter begins creating the relevant Silent Payments wallet. The BitBox02 shares its xpub with Sparrow and Sparrow ^{based on this xpub} then generates SP address derived from  BitBox02 SEED. If someone sends funds to this Silent Payments address, you will see in  Addresses tab theTaproot address ^{that the sender derived using ECDH} which Sparrow detects during its blockchain scanning. If another person sends to the same Silent Payments address you will again see  new Taproot address appear in  Addresses tab. This is the magic of Silent Payments technique ^{it preserves your privacy by ensuring every payment results in the unique, unlinkable address.}

With  Sparrow + BitBox02 setup, you can also send the single‑sig transaction to  Silent Payments address, because the BitBox02 already supports SP signing. However, for multisig transactions things are more complicated as to sign  Silent Payments‑related PSBT,  BitBox02 still needs support for BIP376.

[Pmalek]

Apple has flagged Craig Raw's developer account on the App Store for termination, and it's scheduled to be terminated on 30 June unless the decision is reversed. Craig is the developer of Sparrow Wallet. If the account gets terminated, users will no longer be able to install or update Sparrow on macOS from the App Store.

Craig was flagged by Apple for dishonest activity. He created a placeholder on the App Store that served only as a warning to users that Sparrow is a desktop-only wallet and that all other Sparrow apps that appear there are fake and don't belong to Craig Raw. Sadly, this can turn out to be the reason his developer account gets terminated if the company doesn't accept his appeal.



Source: https://x.com/SparrowWallet/status/2069125045167775896

[FinneysTrueVision]

Apple has flagged Craig Raw's developer account on the App Store for termination, and it's scheduled to be terminated on 30 June unless the decision is reversed. Craig is the developer of Sparrow Wallet. If the account gets terminated, users will no longer be able to install or update Sparrow on macOS from the App Store.

Sparrow Wallet isn’t installed from the App Store. Having a suspended developer account also affects applications installed from external sources because unsigned apps get treated almost like they are malware. The application will be blocked from running and placed in quarantine whenever a new update is installed.

It’s not too difficult to get around those restrictions for end users, but I imagine there are some people who are unaware of all the details that will be scared off by this and would stop using Sparrow Wallet on macOS. I hope that Apple will reverse this foolish suspension and that the attention this has brought will motivate them to do something about all the scam apps.

[ABCbits]

Apple has flagged Craig Raw's developer account on the App Store for termination, and it's scheduled to be terminated on 30 June unless the decision is reversed. Craig is the developer of Sparrow Wallet. If the account gets terminated, users will no longer be able to install or update Sparrow on macOS from the App Store.
--snip--

It feels weird Apple got sued for letting fake crypto apps on their App Store[1], while Apple also plan to terminate account of legit developer because he's trying to stop people from got scammed. I don't expect the decision will be changed, unless whole Bitcoin community publicly protest against Apple decision.

[1] https://www.macobserver.com/news/apple-faces-class-action-lawsuit-over-crypto-scam-app-on-app-store/

[dkbit98]

Apple has flagged Craig Raw's developer account on the App Store for termination, and it's scheduled to be terminated on 30 June unless the decision is reversed. Craig is the developer of Sparrow Wallet. If the account gets terminated, users will no longer be able to install or update Sparrow on macOS from the App Store.

And so what?
It's not like Sparrow wallet and this developer ever planned of making apple version of wallet, or create anything related with that.
There is a similar project (I can't remember the name) that is working for mobile devices, and it works like Sparrow wallet.

[FinneysTrueVision]

And so what?
It's not like Sparrow wallet and this developer ever planned of making apple version of wallet, or create anything related with that.

There is a Mac version, the one that is downloaded from github, and it needs to be signed by a registered developer and notarized by Apple. If it doesn’t have that it gets flagged as a security risk.


Update from the developer: their appeal was successful and they can continue developing their software for macOS without any problem.

[Pmalek]

Sparrow Wallet isn’t installed from the App Store.

I just assumed it was without checking that the software is actually downloaded from GitHub. 

Having a suspended developer account also affects applications installed from external sources because unsigned apps get treated almost like they are malware. The application will be blocked from running and placed in quarantine whenever a new update is installed.

I guess current users would still be able to run Sparrow on their Macs. Maybe they would get notifications and warnings. However, there would be no more updates and new users wouldn't be able to install apps from the store. This is all assuming that the software is actually downloaded from the App Store, which Sparrow isn't, as you pointed out.

It feels weird Apple got sued for letting fake crypto apps on their App Store[1], while Apple also plan to terminate account of legit developer because he's trying to stop people from got scammed.

Let's wait and see how long it will take for the next fake Sparrow Wallet for iPhone to appear. Tick tock...

I don't expect the decision will be changed, unless whole Bitcoin community publicly protest against Apple decision.

Luckily, it didn't take long before Apple reverted their decision. And yeah, Craig did get support and Apple probably got a good amount of complaints as well.

And so what?
It's not like Sparrow wallet and this developer ever planned of making apple version of wallet, or create anything related with that.

Sparrow Wallet is available for Mac. Since it's desktop-only, it's not available for the iPhone, though. Fake, phishing apps that pop up every now and then can claim they are for iPhone users.

There is a Mac version, the one that is downloaded from github, and it needs to be signed by a registered developer and notarized by Apple. If it doesn’t have that it gets flagged as a security risk.

What if you build it from source from GitHub? Would such an app still be flagged?
Apps can also be dependent on other apps and services created by the same developer. I don't know if that's the case with Sparrow and Craig. In theory, the software could be compiled from source but still not work properly if other third-party services got terminated together with Craig's developer account.