Safepal experiences

[andy.arden]

Hey guys, continuing the discussion a bit earlier i want to ask the owners of Safepal S1 about their experiences. I know its closed source compared with Onekey for example that is open source.

Also the downloads on Google Play is very high around 1mil if i am not mistaken. Do you know if anybody got hacked? I mean not from dumb smart contracts being signed , but for moving BTC in and out the wallet and having a decent knowledge on things.

Because what i see on other forums or articles is that people are being hacked when they buy/sell coins that are scams.

[Charles-Tim]

Maybe you do not know the meaning of close source wallets. It means no one know the sorice code the wallet developers used for the wallet. It is not known if it has vulnerabilities like backdoor or spyware or something of such.

The best hardware wallet that you can go for are open source hardware wallet.

[OmegaStarScream]

Well first, you should understand that the 1 million downloads are not necessarily all SafePal S1 users. That mobile app you're referring to can work without the hardware wallet.

Now, even putting the fact that it's closed source aside, the wallet is just horrible. I did buy one some time ago back when it was even cheaper than it currently is, and I think the UX is just bad. It's probably the last wallet I would recommend anyone to buy.

[BitMaxz]

I don't recommend to use a closed-source hardware wallet even if you heard that it is working fine, awesome, great you shouldn't still use it because it's closed-source.
Like the above said we do not know what is the code inside this hardware wallet.
So you can't guarantee the safety of your wallet having an offline/cold storage wallet is way more better and safer than using a closed source wallet.

[Z-tight]

If you want to buy a hardware wallet, take note that safepal isn't recommended, like the other users above have said, it is closed source, but that is not the only problem with this hardware wallet, you cannot also connect it with other software wallets as you can do with good hardware wallets, safepal also lacks the multisig feature, neither can you use coin control with this wallet, etc. Go for recommended devices and don't buy safepal.

[Husna QA]

If you want to buy a hardware wallet, take note that safepal isn't recommended, like the other users above have said, it is closed source, but that is not the only problem with this hardware wallet, you cannot also connect it with other software wallets as you can do with good hardware wallets, safepal also lacks the multisig feature, neither can you use coin control with this wallet, etc. Go for recommended devices and don't buy safepal.

It seems that you also have to mention the type of hardware wallet from Safepal that you are referring to. If what is in the highlight is closed-source, then Safepal X1 (https://www.safepal.com/en/store/x1) is one of the open-source hardware wallets from Safepal (I have no affiliation with them).

However, for me, neither open-source nor closed-source fully guarantees the security of a wallet.
Sample case: https://milksad.info/disclosure.html

You should never have used any closed source wallet-- but being open source is not enough.

The following is a review of the Safepal S1, which is quite complete in reviewing its advantages and disadvantages:
https://skrumble.com/hardware-wallets/safepal-s1-review/

[Charles-Tim]

It seems that you also have to mention the type of hardware wallet from Safepal that you are referring to. If what is in the highlight is closed-source, then Safepal X1 (https://www.safepal.com/en/store/x1) is one of the open-source hardware wallets from Safepal (I have no affiliation with them).

The last time I read about this wallet was during its presales which was not quite long ago. I have not seen a review yet that the wallet is completely open source, but for now, we truly supposed to mention it as exception and the reason. The wallet is having bluetooth and not QR code for making transactions, can not be connected with other software wallet like Electrum. Is the Safepal software wallet open source?

However, for me, neither open-source nor closed-source fully guarantees the security of a wallet.
Sample case: https://milksad.info/disclosure.html

I prefer an open source wallet that make use of well secure means of generating seed phrase, unlike the way Libbitcoin explorer that make use of random number generator that was said to be vulnerable. Who knows if there are close source wallet that are lazy and made use of Libbitcoin for their seed generation. Close source wallets are dangerous to that extent.

Open source wallets can have vulnerabilities, likewise close source wallet, like what that happen during the close source Atomic wallet hack that happen this year that lead to over $100 of stolen coins. Any of the wallet can be vulnerable, but close source is far worse because the public do not know the code that is used to build it just like I have mentioned before which I know is not new to you.

Because of how open source wallets are, and there are many bitcoin open source wallets that make use of secure means of generating seed phrase (there are too many of them), I will prefer to go for open source wallets.

The only hardware wallet that meets my preferences is Passport, while yet to be released Coldcard and upcoming Keystone are promising. Although, if Safepal X1 is reviewed and if truly open source, likely some people can prefer it because of its cheap price. It would have been good if it supports QR code.

[Husna QA]

-snip-

The last time I read about this wallet was during its presales which was not quite long ago. I have not seen a review yet that the wallet is completely open source, but for now, we truly supposed to mention it as exception and the reason. The wallet is having bluetooth and not QR code for making transactions, can not be connected with other software wallet like Electrum. Is the Safepal software wallet open source?

I read on the SafePal blog (https://blog.safepal.com/safepal-x1-open-source-wallet-suite/) regarding the X1 type they stated the following:

'Our 1st Open Source Bluetooth Hardware Wallet'

In other words, this means that different types of SafePal before the X1, such as the SafePal S1 and S1 Pro, still carry closed-source.

Overall, SafePal is not open-sourced yet. But open source has always been in our consideration. In the future, we might also choose to open source part of the codes based on the actual situation, just like Apple and Microsoft did.

The only hardware wallet that meets my preferences is Passport, while yet to be released Coldcard and upcoming Keystone are promising. Although, if Safepal X1 is reviewed and if truly open source, likely some people can prefer it because of its cheap price. It would have been good if it supports QR code.

I don't know much about SafePal X1 both in terms of its security features, build quality and other features. I just glanced at the SafePal X1 unboxing video here: https://www.youtube.com/watch?v=-KVSd9zS-7k.

DYOR

[Charles-Tim]

I read on the SafePal blog (https://blog.safepal.com/safepal-x1-open-source-wallet-suite/) regarding the X1 type they stated the following:

'Our 1st Open Source Bluetooth Hardware Wallet'

In other words, this means that different types of SafePal before the X1, such as the SafePal S1 and S1 Pro, still carry closed-source.

What I meant is that if the hardware wallet (Safepal X1) has been tested to be open source, what about the Safepal software wallet which is used with it, like this on Android: https://play.google.com/store/apps/details?id=io.safepal.wallet

I thought Safepal software wallet is close source. With the review I read about Safepal X1, it can only be used with the Safepal software wallet, it can not be connected with wallets like Electrum or Sparrow. Safepal software wallet now open source?

[Husna QA]

-snip- Safepal software wallet now open source?

It seems that for the SafePal App, as in the article published by Safepal about a year ago (https://safepalsupport.zendesk.com/hc/en-us/articles/8822463320859-Open-Source-of-SafePal-App), the application is not yet open-source.

The transition to open-source seems to be gradual:

SafePal plans to continue the open-source transition, focusing on firmware for the S1 line and the SafePal browser extension in Q4.

[dkbit98]

...Safepal S1
...

Best way to describe it, this is insecure closed source JUNK that stole and modified source code, than hidden all the traces.
I would never use it for multiple reasons and some of them are explained in one of my topics:
https://bitcointalk.org/index.php?topic=5317884.0

In theory their new device X1 should be a bit better, but that is only in theory.

[Pmalek]

Safepal's software wallet is closed-source as confirmed by WalletScrutiny. No public code existed for the Android or iOS apps when the team carried out their testing.
https://walletscrutiny.com/iphone/walletapp.safepal.io/
https://walletscrutiny.com/android/io.safepal.wallet/

It's the same thing for the Safepal S1. The wallet is not open-source, despite their promises to make it as such. And they said it would be open-source in 2021. We are now nearing the end of 2023.
https://walletscrutiny.com/hardware/safepals1/