soliton (OP)
|
|
November 06, 2020, 07:40:10 PM Last edit: November 13, 2020, 12:16:54 PM by soliton |
|
I've been longing for learning how secure is Bitcoin wallet in my pocket and recently me has stumbled upon the site that allows to get some idea of it. WalletScrutiny separated almost all available Android specific wallets into four categories: “Reproducible” that lists 6 names, “Not Reproducible” with 24 wallets, “No Source” – 38 wallets and Custodial comprising 60 names . As I take it “reproducible” meant that the code shared by developers matches the published app, "no source" speaks for itself. My favorite wallet for Bitcoin is Electrum. That all said, without thinking twice I checked it with scrutiny and got this: ( https://walletscrutiny.com/android/org.electrum.electrum/) Surprisingly for me it is not reproducible. Verdict set the record straight: ( https://walletscrutiny.com/android/org.electrum.electrum/) Did you check the wallet your use for Bitcoin? Tell why did you install and use it. Please don't dwell exceptionally on Electrum, that is just an example.
|
|
|
|
khaled0111
Legendary
Offline
Activity: 2576
Merit: 2908
Top Crypto Casino
|
|
November 06, 2020, 09:09:46 PM |
|
Not reproducible from source provided means that every time you compile the app's source code you get a different binary file. Electrum app is not reproducible from source, indeed. This information was already mentioned on their github repo: ✗ This script does not produce reproducible output (yet!). Please help us remedy this. https://github.com/spesmilo/electrum/blob/dependabot/pip/contrib/deterministic-build/cryptography-3.2/contrib/android/Readme.mdThe Readme file describes how to build the .apk file by yourself (debug mode) if you don't trust / want-to-download the one shared on their website
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2464
Merit: 5778
Self-proclaimed Genius
|
|
November 07, 2020, 04:18:29 AM Last edit: November 07, 2020, 08:58:22 AM by nc50lc |
|
Aside from the post above, there's another inconsistency on that site: It was published on 2019 Dec 11: Published: December 11, 2019 But it said that the latest version is v4.0.4.0: a 3.3 stars rating from 1870 users and the latest release is version 4.0.4.0. FYI, electrum v4.0.4 ( not v4.0.4.0) was only released on 2020-October-15. I wouldn't trust that page if I were you since they can't differentiate fake electrum and the original. Update: I have read the whole article and it looks like that the version written in the page was updated somehow but other links like readme.md aren't. The date and version are still misleading.
|
|
|
|
tranthidung
Legendary
Offline
Activity: 2324
Merit: 4110
Farewell o_e_l_e_o
|
|
November 07, 2020, 04:24:18 AM |
|
I doubt on reviews on that site. The Cryptowisser.com has its informative review page for wallets. Go ahead and check their reviews at:
|
|
|
|
pakhitheboss
|
|
November 07, 2020, 06:35:32 AM |
|
There is a lot of information available in this forum about good Bitcoin wallets. Why do you need to go to other website?
I have been using Mycelium wallet for a long time now as my priority was to have a mobile based wallet and I have not faced any issue with it to date.
I have used Electrum desktop but for altcoins and not for Bitcoin.
|
|
|
|
soliton (OP)
|
|
November 07, 2020, 07:01:26 AM Last edit: November 07, 2020, 12:05:48 PM by soliton |
|
The point of this topic is to share one more source with 100+ wallets where everyone can check his own one rather than to provide info for single Electrum. Please don’t dwell on one thing. Share info on your wallets obtained from the site. I doubt on reviews on that site. The Cryptowisser.com has its informative review page for wallets. Go ahead and check their reviews at: Thanks but no valuable info behind those " \/"and " X" on that site you suggested. Not reproducible from source provided means that every time you compile the app's source code you get a different binary file.
Thanks for your interpretation. FYI, electrum v4.0.4 (not v4.0.4.0) was only released on 2020-October-15.
Is something changed with 4.0.4 in respect the verdict has said? There is a lot of information available in this forum about good Bitcoin wallets. Why do you need to go to other website?
WalletScrutiny provides info that is not available in this forum
|
|
|
|
pooya87
Legendary
Offline
Activity: 3500
Merit: 10703
|
|
November 07, 2020, 07:09:46 AM |
|
Not reproducible from source provided means that every time you compile the app's source code you get a different binary file. Electrum app is not reproducible from source, indeed. This information was already mentioned on their github repo:
that is only about the Android version of the wallet not the desktop wallet, Electrum wallet IS reproducible for desktop which is the important thing because for storage and security purposes you want to use desktop versions not a mobile wallet. there are certain obstacles in the Android version that are causing issues.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
soliton (OP)
|
|
November 07, 2020, 07:15:08 AM Last edit: November 07, 2020, 07:38:37 AM by soliton |
|
Not reproducible from source provided means that every time you compile the app's source code you get a different binary file. Electrum app is not reproducible from source, indeed. This information was already mentioned on their github repo:
that is only about the Android version of the wallet not the desktop wallet, Electrum wallet IS reproducible for desktop which is the important thing because for storage and security purposes you want to use desktop versions not a mobile wallet. there are certain obstacles in the Android version that are causing issues. Yeah, WalletScrutiny doesn't mention desktop version of Electrum. Younger generation prefer mobile computers in their pockets rather that desktops or laptops.
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2464
Merit: 5778
Self-proclaimed Genius
|
|
November 07, 2020, 09:02:02 AM |
|
FYI, electrum v4.0.4 (not v4.0.4.0) was only released on 2020-October-15.
Is something changed with 4.0.4 in respect the verdict has said? The verdict is fine since there's no way to produce a reproducible build for the android version ( latest post of the issue). They also got a point when they mentioned that the google play version is different from the development build that they successfully compiled since Electrum Devs are working on the " master branch" rather than a development branch, the source at that point has a few/lot of commits ahead from the google play version.
Okay, this is the last of Electrum-specific discussion for me here.
|
|
|
|
nakamura12
|
|
November 07, 2020, 08:21:10 PM |
|
If you are not sure at your wallet then why not use the legit wallets like electrum which is not reproducible from the source.I haven't use other wallet except electrum imtoken and trustwallet when I want to store bitcoin or eth. Anyway, my bitcoin in my pocket is safe and even if it is custodial and also local in my country.
|
Signature and avatar for rent: NAKAMURA12
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3024
Merit: 2148
|
|
November 08, 2020, 12:09:54 PM |
|
I still prefer Electrum's mobile version rather than any other alternative, because I'm very satisfied with their desktop wallet, so I trust that there's nothing shady going on. Plus, I don't have any coins in my mobile wallet, I use it only in watch mode to occasionally check my cold wallet and to broadcast transactions. In general, it's recommended to only store small amounts in mobile wallets, because the platform itself is less secure than good open-source OS', and plus it's nearly always online.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2240
Merit: 1795
|
|
November 08, 2020, 12:19:17 PM |
|
Younger generation prefer mobile computers in their pockets rather that desktops or laptops.
Is there any data to support this statement? I think I can be considered as one of those young generations and I don't really prefer a mobile wallet. IMO anyone who understands the risk wouldn't use a mobile wallet as their main wallet unless there's something else going on.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3724
Merit: 6446
Looking for campaign manager? Contact icopress!
|
|
November 08, 2020, 01:57:45 PM |
|
Android specific wallets
Interesting list at first glance, but on a second thought, ... hmmm. I mean that I would not keep more than 100$ worth of funds on any Android wallet, no matter how legit it is and how reproducible the build is; Android security is .. weak. OK, a legit and maybe reproducible Android wallet is necessary, but not enough (imho). If one uses Android a lot for Bitcoin transfers, I'd say that a proper hardware wallet is a must. I think that this is actually one important use case for hardware wallets (and not holding, as many use them for).
|
|
|
|
soliton (OP)
|
|
November 08, 2020, 03:40:10 PM Last edit: November 08, 2020, 04:21:25 PM by soliton |
|
Younger generation prefer mobile computers in their pockets rather that desktops or laptops.
Is there any data to support this statement? I think I can be considered as one of those young generations and I don't really prefer a mobile wallet. IMO anyone who understands the risk wouldn't use a mobile wallet as their main wallet unless there's something else going on. My 25-30 yrs surrounding proves this. However if you need data in form of statistics then dyor, WEB is infested with relevant surveys. Forget about risk, buy HW and use your Android app connected with it. Android specific wallets
Interesting list at first glance, but on a second thought, ... hmmm. I mean that I would not keep more than 100$ worth of funds on any Android wallet, no matter how legit it is and how reproducible the build is; Android security is .. weak. OK, a legit and maybe reproducible Android wallet is necessary, but not enough (imho). If one uses Android a lot for Bitcoin transfers, I'd say that a proper hardware wallet is a must. I think that this is actually one important use case for hardware wallets (and not holding, as many use them for). Never fear, we, youngsters, are aware of hardware wallets that can be connected to Android mobiles.
|
|
|
|
sheenshane
Legendary
Offline
Activity: 2450
Merit: 1228
|
|
November 08, 2020, 04:40:56 PM |
|
I agree that android wallets are the easiest way in storing your Bitcoin or other crypto assets. But I will never consider this as storing a huge fund, hardware wallets are still the best for the large transfer and for the long time holding of your assets. There are too many circumstances that may happen while holding a large number of a crypto asset in your android wallet, it might be easy to compromise or might your device goes missing while in your pocket and it is easy to access your private key. Younger generation prefer mobile computers in their pockets rather that desktops or laptops.
But still, that isn't advisable. For Electrum desktop app version is better than the android app. They should know and understand the risk that I mentioned above. A small amount can be considerable while in the android wallet, but if that is thousands of dollar worth, a hardware wallet is a must.,
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
November 08, 2020, 04:51:53 PM |
|
Android security is .. weak.
That's a bold statement. One could argue that android is by far more secure than a windows computer. Android uses the linux kernel and user roles as a security concept where the end-user doesn't have root privileges. On windows, the user (and the malware he installs) can do anything. I'd always choose an updated android device over an updated windows computer.
|
|
|
|
soliton (OP)
|
|
November 08, 2020, 05:04:57 PM |
|
, hardware wallets are still the best for the large transfer and for the long time holding of your assets.
Thanks, but we. youngsters, are aware that hardware wallets transfer nothing, they need software app connected to do this. They also hold nothing except priv keys.
|
|
|
|
pixie85
|
|
November 08, 2020, 05:24:32 PM |
|
, hardware wallets are still the best for the large transfer and for the long time holding of your assets.
Thanks, but we. youngsters, are aware that hardware wallets transfer nothing, they need software app connected to do this. They also hold nothing except priv keys. Do you need anything but your private key to access your money? As for the app, they keep your private key safe even in case something wrong happens with the app and you're unable to use it. You can use your backup words to access the wallet even when hardware or software becomes inaccessible. I've been using Electrum for many years and never had a problem with updates or downloads. You just have to be careful and verify files each time.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2240
Merit: 1795
|
|
November 08, 2020, 05:44:28 PM |
|
Forget about risk, buy HW and use your Android app connected with it.
So you will carry around your HW everywhere? I don't think that's a good idea. Well, maybe a card HW like Keycard could be used but I personally won't count it as my main wallet. I mean, what's the point of buying a HW if you bring it every time you go? Might as well set-up your mobile wallet as a hot wallet and leave the HW on your home for cold-storage.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
soliton (OP)
|
|
November 08, 2020, 06:44:41 PM |
|
, hardware wallets are still the best for the large transfer and for the long time holding of your assets.
Thanks, but we. youngsters, are aware that hardware wallets transfer nothing, they need software app connected to do this. They also hold nothing except priv keys. Do you need anything but your private key to access your money? As for the app, they keep your private key safe even in case something wrong happens with the app and you're unable to use it. You can use your backup words to access the wallet even when hardware or software becomes inaccessible. I've been using Electrum for many years and never had a problem with updates or downloads. You just have to be careful and verify files each time. Definitely yes, priv key alone can't parse blockchain and build transaction when needed , it needs to be accompanied either you brain or software app which would do all math. Forget about risk, buy HW and use your Android app connected with it.
So you will carry around your HW everywhere? I don't think that's a good idea. Well, maybe a card HW like Keycard could be used but I personally won't count it as my main wallet. I mean, what's the point of buying a HW if you bring it every time you go? Might as well set-up your mobile wallet as a hot wallet and leave the HW on your home for cold-storage. Different options with mobile and HW can be considered and everyone chooses the one that suits better.
|
|
|
|
|