Cypherbox Wallet - self-custody, lightning, mobile

[cygan]

in this thread, i’d like to introduce you to the new Cypherbox wallet. i’d also like this thread to serve as a place for discussion.
developed by Strike, this mobile wallet is available for all ios and android devices. the current version 0.0.8 includes the following features:

• login to Strike via oauth 2.0
• face/touch id for coinos
• push notifications for coinos and hot/cold vaults

https://cypherbox.io/
https://github.com/CypherBoxLLC/Cypher-Box/releases/tag/v0.0.8

[Misa Amane]

To me, this feels less like a Bitcoin wallet and more like a thin wrapper around Strike services.

Using OAuth 2.0 for login already indicates that user access depends on a centralized provider. That directly contradicts the core idea of self-custody. If the wallet cannot function independently of Strike, then calling it a “wallet” is somewhat misleading I think it’s more accurate to describe it as an account interface.

Features like push notifications and biometric login do improve convenience, but they don’t address the fundamental question: who controls the keys?
If key management is not fully local and verifiable, then the user is simply trusting another layer without gaining real sovereignty.

Another major issue is transparency. For a project at version 0.0.8, I would expect clear documentation on:

1. How keys are generated and stored
2. Whether any data is routed through external servers
3. How the Coinos integration actually works under the hood

So far, these aspects are either not clearly explained or seem to be missing, which makes it difficult to properly evaluate the security model.

To put it simply: without removing centralized authentication dependency and without clear proof of self-custody, this doesn’t offer much advantage over using Strike directly.

If the goal is to build a serious Bitcoin wallet, then the priority should be trust minimization, open architecture, and independent key ownership before adding convenience features.