Bitcoin Forum
December 08, 2016, 08:07:50 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Way to get an iPhone BTC app into the App Store  (Read 3399 times)
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 08, 2012, 06:13:11 PM
 #1

I thought of a way to get an iPhone BTC app into the web store...

Just make it entirely a web based version that is reached via a QR code that contains a URL with a parameterized private key.  (So in effect the app would be used for receiving payments from somebody who handed over a private key on a QR code).

Then submit something to the app store which reads the QR code, and performs strict validation on it, and then redirects to the web app.

Ordinarily, this would be exactly the same as making a web-based bitcoin app, and having people pass around QR codes as "money" that contain URLs to a hosted web app to allow the money to be spent, these could be scanned with any generic QR code scanner.  The problem is that the QR code could contain a URL to a phishing or clone site that could show a balance and allow it to be spent, but would only pretend coins were sent without sending any.  The purpose of the app in the App Store would be to prevent that - it would simply test the URL with a preconfigured regex and only redirect if it passed.

Since this app would be a combo QR code scanner / URL validator, and wouldn't have any bitcoin functionality of its own, it may not be rejected like a typical bitcoin app.  Perhaps if the actual regex were an "advanced" changeable option, it would be a generic tool that could be used for others, so it wouldn't be too bitcoiney.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
1481227670
Hero Member
*
Offline Offline

Posts: 1481227670

View Profile Personal Message (Offline)

Ignore
1481227670
Reply with quote  #2

1481227670
Report to moderator
1481227670
Hero Member
*
Offline Offline

Posts: 1481227670

View Profile Personal Message (Offline)

Ignore
1481227670
Reply with quote  #2

1481227670
Report to moderator
1481227670
Hero Member
*
Offline Offline

Posts: 1481227670

View Profile Personal Message (Offline)

Ignore
1481227670
Reply with quote  #2

1481227670
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 08, 2012, 06:34:27 PM
 #2

With Easywallet.org you already can receive and send bitcoins with iPhone via QR codes, provided that you install the Barcodes scanner application: http://itunes.apple.com/us/app/barcodes-scanner/id417257150?mt=8

I don't see the point for combining native app + web app.

Edit: The last line didn't come out right, I meant that if we are relying on web based wallets, then we can already use the existing QR code scanners. Client-side private keys are possible with jasvascript local storage, I guess.

Also disclaimer, I'm the author of easywallet.org

casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 08, 2012, 07:02:21 PM
 #3

With Easywallet.org you already can receive and send bitcoins with iPhone via QR codes, provided that you install the Barcodes scanner application: http://itunes.apple.com/us/app/barcodes-scanner/id417257150?mt=8

I don't see the point for combining native app + web app.

Edit: The last line didn't come out right, I meant that if we are relying on web based wallets, then we can already use the existing QR code scanners. Client-side private keys are possible with jasvascript local storage, I guess.

Also disclaimer, I'm the author of easywallet.org

Yes, that will work, until a scammer makes a clone of your website, and hands a merchant a QR code that redirects to his own website, that fakes a payment and makes it appear on-screen that a payment is being made, but in fact none is made and the bitcoins don't even exist.  The Barcodes scanner application you referenced offers no capability of performing strict validation on the codes (the part I originally bolded in the OP), which is an important control on fraud.  However, given that the app is open source, it could be modified by a developer to include such a feature.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
evoorhees
Legendary
*
Offline Offline

Activity: 994


Democracy is the original 51% attack


View Profile
April 08, 2012, 07:25:58 PM
 #4

Blockchain.info's wallet is now officially on the App Store, so people should just use that.

Many iphone/bitcoin users will not be tech-minded... so a weird "work around" would probably only serve to confuse. Bitcoin needs to be getting simpler, not more complicated, even though your solution achieves the goal of functionality.
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 08, 2012, 07:50:43 PM
 #5

Yes, that will work, until a scammer makes a clone of your website, and hands a merchant a QR code that redirects to his own website, that fakes a payment and makes it appear on-screen that a payment is being made, but in fact none is made and the bitcoins don't even exist.  The Barcodes scanner application you referenced offers no capability of performing strict validation on the codes (the part I originally bolded in the OP), which is an important control on fraud.  However, given that the app is open source, it could be modified by a developer to include such a feature.

Well, similar attack could be run for mtgox.com, bitmit.net or any web site which handles web sites... I don't see it as a big threat. I hope those malicuous clones won't be popping up.

And I think you are confusing things - the merchant who accepts those fake bitcoins doesn't need QR code scanner at all - he just receives the bitcoins (which would be fake if the attacker succeeds to make the merchant use the fake service). So modifying the QR code scanner won't help the merchant receiving the coins, since he doesn't even use the QR code scanning functionality.

But that kind of attack is why I always advertise my service as easywallet.org - I have that domain registered for a pretty long time and it is guaranteed to be mine. Maybe those attackers could try something like easywallet.info or like. But I hope that won't be a threat anytime soon.

proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
April 08, 2012, 11:15:10 PM
 #6

Blockchain.info's wallet is now officially on the App Store, so people should just use that.

Many iphone/bitcoin users will not be tech-minded... so a weird "work around" would probably only serve to confuse. Bitcoin needs to be getting simpler, not more complicated, even though your solution achieves the goal of functionality.

Not the US store, though.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 09, 2012, 04:07:57 AM
 #7

Well, similar attack could be run for mtgox.com, bitmit.net or any web site which handles web sites... I don't see it as a big threat. I hope those malicuous clones won't be popping up.

And I think you are confusing things - the merchant who accepts those fake bitcoins doesn't need QR code scanner at all - he just receives the bitcoins (which would be fake if the attacker succeeds to make the merchant use the fake service). So modifying the QR code scanner won't help the merchant receiving the coins, since he doesn't even use the QR code scanning functionality.

With all due respect, I don't think you have read my post carefully.  Not that you need to - but before telling me I'm confusing things, perhaps do some due diligence and try carefully to understand what I am saying, which has nothing to do with what you're talking about.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 09, 2012, 07:36:22 AM
 #8

With all due respect, I don't think you have read my post carefully.  Not that you need to - but before telling me I'm confusing things, perhaps do some due diligence and try carefully to understand what I am saying, which has nothing to do with what you're talking about.

Yeah, sorry, I misunderstood. You were describing different system entirely.

Grami
Jr. Member
*
Offline Offline

Activity: 38


View Profile
April 09, 2012, 09:59:28 AM
 #9

I thought of a way to get an iPhone BTC app into the web store....

There is another way. Build app that operates with with spherical money provider. It can use bank or paypal or bitcoin provider. Money provider just should make protocol implementation. I guess such app will not be rejected.
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
April 09, 2012, 10:17:26 AM
 #10

Isn't Bit-Pak already available in the US iTunes?

Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
April 09, 2012, 11:38:30 AM
 #11

Seriously guys:



But well, it's true that we have to allow new people to use bitcoin, and it's not our fault if they use fail phones
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 09, 2012, 02:41:10 PM
 #12

Isn't Bit-Pak already available in the US iTunes?

Promoting Bit-Pak is about the best way to make sure that people will hate bitcoin. Some guy I met at the bar had installed it, and had waited about 2 weeks for the block chain to download. While the app consumes your battery etc.

Then I told him about easywallet.org, and he had it up and running & bookmarked on his iPhone in about 3 minutes. Then I sent some bitcoins to him and he had them instantly in his iPhone.

Introducing bitcoin to a new guy with easywallet.org : 2-5 minutes
Same with BitPak: 2 weeks, and the guy will probably forgot it or remove it from his iPhone from consuming resources.

It is just the fact that the full clients suck for mobile usage. Hope that somebody implements Electrum-style client and gets it approved.

(Myself I approve what the blockchain.info guys are doing, but the mobile app model just sucks IMHO. I don't want to manage invidual addresses etc. I just want a very simple way to receive and send bitcoins, with good anonymity and privacy.)

piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 09, 2012, 03:19:19 PM
 #13

the mobile app model just sucks IMHO. I don't want to manage invidual addresses etc. I just want a very simple way to receive and send bitcoins, with good anonymity and privacy.)

I'd rather own my keys, you shouldn't need to sacrifice bitcoin's greatest strength for a bit of convenience.

BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 756


View Profile WWW
April 09, 2012, 03:23:00 PM
 #14

I'd rather own my keys, you shouldn't need to sacrifice bitcoin's greatest strength for a bit of convenience.

piuk has shown how this can be convenient and secure at the same time.  Everyone else should follow this model. 

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 09, 2012, 04:43:47 PM
 #15

the mobile app model just sucks IMHO. I don't want to manage invidual addresses etc. I just want a very simple way to receive and send bitcoins, with good anonymity and privacy.)

I'd rather own my keys, you shouldn't need to sacrifice bitcoin's greatest strength for a bit of convenience.

I am a big advocate of paper wallets, but for pocket cash, I would have no problem with the mobile web app model.  Like if I were going to Meze Grill and wanted to pay for that damn good steak gyro they've got (that I went back for another a couple days after the first), I wouldn't be worried about a site operator swiping 20 bucks off me.  Just as likely I might lose my phone and the keys with it - at least on a hosted service I would get them back.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 09, 2012, 04:46:43 PM
 #16

I'd rather own my keys, you shouldn't need to sacrifice bitcoin's greatest strength for a bit of convenience.

piuk has shown how this can be convenient and secure at the same time.  Everyone else should follow this model. 

While I agree that owning your own keys is the best solution, the blockchain.info app solution is not optimal. Installation is hard and UI is crappy, of course this is subjective.

And of course the more wallet apps there is, the better. Everyone can decide themselves which model is the best for their specific usage.

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
April 09, 2012, 07:05:59 PM
 #17

Seriously guys:



But well, it's true that we have to allow new people to use bitcoin, and it's not our fault if they use fail phones

Wish I could, but I'm locked in Apple hell after I had an iPhone purchased for me for a project I was working on.  Man, will it be nice when I can get an android.  My girlfriend has one and it is much better for someone technically inclined like myself.

Anyway, we're really off-topic since the fact is people have iPhones and we don't want to throw out that market.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 09, 2012, 08:43:27 PM
 #18

Can anyone confirm if I understand this correctly?  The SDK for iPhone is available for free in the Mac App Store to anyone with a Mac computer running Lion, and the SDK includes an emulator for iPhone for app testing.  One can compile the app, but must be part of the $99/year developer program in order to load an application on physical iPhones, even your own phone connected via USB?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
kangasbros
Hero Member
*****
Offline Offline

Activity: 811



View Profile
April 10, 2012, 01:22:27 PM
 #19

Can anyone confirm if I understand this correctly?  The SDK for iPhone is available for free in the Mac App Store to anyone with a Mac computer running Lion, and the SDK includes an emulator for iPhone for app testing.  One can compile the app, but must be part of the $99/year developer program in order to load an application on physical iPhones, even your own phone connected via USB?

I don't think you need to own the licence to run your self-compiled apps. I'm not 100% sure though, since I've had always the licence.

Also you can distribute the app also as a beta to something like 100 users. They don't even need to compile it or anything, and I guess installing for them is pretty trivial.

However, without a very easy installation there won't be much adoption. Technically adept people usually don't understand how easy it must be, so that people will "get it". If you need to do anything that requires some thinking, most people won't bother.

casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 10, 2012, 02:11:33 PM
 #20

I wonder if it might be worth a serious canvassing effort to Apple to get them to not block Bitcoin apps.  And where to write to.  (I'd participate, and would send my opinion in written form via FedEx, which tends to get noticed a lot more than e-mail).

My read on the situation is that Apple blocks all forms of "virtual currency" because they want to make sure they get a cut of in-app purchases, something developers could easily get around if in-app purchases were made with scrip.  But I am not sure they really intend to target projects like Bitcoin.  They don't block the PayPal app, nor presumably do they require a 30% cut of every PayPal transaction sent with an iPhone, and the emergence of MintChip legitimizes the evolution of currency as a concept.

I think it's plausible that they could be persuaded that an application that sends Bitcoins is no different than one that sends your PayPal balance, and is substantially different from an app that uses scrip to evade Apple's cut of an in-app purchase and so they should make an explicit exception for it in the rules.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!