I have a couple questions.
1. Can the devs have access to my coins?
No, only the user can access any btc/gemz that are on-chain because the passphrase is generated locally on the device. In order to comply with the level of security enforced by Counterparty, we use the same open-source code used by Couterparty in their official web wallet (
https://github.com/CounterpartyXCP/counterwallet/). This code makes sure the passphrase itself never leaves the device, only appropriate hashes.
2. Like every other wallet i would like to know if someone can steel my coins from my smartphone without having my phone and my PIN?
The user is asked to choose a 4 digit PIN code to protect the passphrase on the device. The passphrase is only held decrypted in volatile memory and deleted from memory as soon as it’s not needed. This makes sure that even if the device is stolen, the thief will not be able to decrypt the passphrase from local storage.
As an extra security measure upon installation, the app generates a unique key (secure random with 30 characters). This key is saved persistently on the device and used to identify this specific device hardware in future API calls (anonymously). This locks usage of the Gems app to this specific device for security reasons (the user will need to type in their passphrase in order to add a new device and thus locking the old stolen device).
3. Could my coins just disappear in the wallet without anyone steeling it? Maybe caused by a bug or something, or is it on the blockchain anyway no matter what happens to the app?
BTC/GEMZ that are held on-chain can only be accessed using the passphrase. Even if the GetGems app and Counterwallet are offline you can still mathematically generate your public and private keys using your passphrase. Since the addresses are generated on the fly using JavaScript, it is possible to do this in your own browser (even offline). You can use this tool:
https://blockscan.com/tool_generatekeyThe Counterparty exchange is actually part of the Bitcoin blockchain. This means that Bitcoin itself would have to be shut down entirely in order for it to go offline.
In the next development update (in QA right now) like we said in the past, our plan is that GEMZ will be settled offline through the GetGems internal hosted wallet. This is a hybrid semi centralized database system meant for smaller balances and to allow for speed, security and zero transaction fees. GEMZ will be able to withdrawn to any external counterparty wallet which will be processed using our secure counterparty gateway server.
This hybrid solution (very similar to how coinbase and changetip operate) is good for the "Airdrop" and for new users while not taking from the security of users that want to have their GEMZ only on-chain outside of the app. .
