Bitcoin Forum
October 19, 2018, 10:08:11 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: ‘Decentralized’ Bitcoin Wallet is available in iOS  (Read 3483 times)
ArticMine
Legendary
*
Offline Offline

Activity: 2198
Merit: 1011


Monero Core Team


View Profile
September 27, 2014, 03:27:22 AM
 #21

I would not let a single satoshi, belonging to me, anywhere near an operating system released by Apple. Please see my following post as to why. https://bitcointalk.org/index.php?topic=796585.msg8971859#msg8971859

That's a very short sighted position to take. When it comes to mobile devices, the two popular options are Android and iOS. iOS devices are all hardware AES encrypted by default, and have a much stronger security model than Android with regard to malware. Avoiding apple based on a single criteria like non-use of GPLv3 code doesn't take the entire security picture into account.

If you're interested in learning about the actual details of security measures employed by iOS, I recommend reading the white paper: https://www.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf

Here's an article that offers some opinions of security researchers with regard to iOS security measures if you're not in a position to evaluate them yourself:
http://www.networkworld.com/article/2174973/smartphones/apple-reveals-unprecedented-details-in-ios-security.html

Yes, I have read the paper. There is really nothing new here. The entire security model is designed to lock out the end owner from their own device (the DRM / telescreen in 1984 application) rather than protect the end owner's data. However unlike Windows 8.x RT where no permanent jailbreak has been released every version of IOS up to IOS 7 has been jailbroken, It is also only a matter of time until IOS 8 gets jailbroken.  The fact that IOS can be jailbroken negates the entire security model in the white paper. Microsoft with Windows 8.x RT beats Apple hands down when it comes to implementing the telescreens in 1984. We must keep in mind that any security then owner of the device may enjoy is dependent on: 1) The broken DRM / telescreen in 1984 application. 2) The insecure Apple iCloud (This was aptly demonstrated in the "nude selfie" exploit). 3) A fair amount of security theatre. A good example of the latter is the use of fingerprint security on a mobile device. http://www.theregister.co.uk/2014/09/23/iphone_6_still_vulnerable_to_touchid_fingerprint_hack/. I mean really: How many iPhone users leave their fingerprints on their Apple's iPhones?

The latest case regarding the use of 7  year old GNU software is classic Apple. Both my Ubuntu and CentOS GNU/Linux systems are now fully patched against the vulnerability, while Apple has yet to issue a patch! What Apple has released instead is classic corporate spin of the worst kind claiming that IOS users are not vulnerable because they do not have access to the shell. As if root access was a requirement for the exploit. Ever wonder why the US Secret Service does not allow President Obama to have an iPhone? He got a Blackberry instead. Or why Edward Snowden stated that IOS devices were the easiest for the NSA to break into? Android can be hardened, by a user with root. GNU/linux is really easy to secure by the end user. For those wishing a propriety solution Blackberry and yes even Microsoft does a far better job.

I still stand by my statement that I would not let a single satoshi, belonging to me, anywhere near an operating system released by Apple.

Edit: Corrected their to Apple, since many peoples implicit definition of ownership also involves control.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
1539943691
Hero Member
*
Offline Offline

Posts: 1539943691

View Profile Personal Message (Offline)

Ignore
1539943691
Reply with quote  #2

1539943691
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539943691
Hero Member
*
Offline Offline

Posts: 1539943691

View Profile Personal Message (Offline)

Ignore
1539943691
Reply with quote  #2

1539943691
Report to moderator
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
September 27, 2014, 05:13:34 AM
 #22

Yes, I have read the paper. There is really nothing new here. The entire security model is designed to lock out the end owner from their own device (the DRM / telescreen in 1984 application) rather than protect the end owner's data. However unlike Windows 8.x RT where no permanent jailbreak has been released every version of IOS up to IOS 7 has been jailbroken, It is also only a matter of time until IOS 8 gets jailbroken.  The fact that IOS can be jailbroken negates the entire security model in the white paper. Microsoft with Windows 8.x RT beats Apple hands down when it comes to implementing the telescreens in 1984. We must keep in mind that any security then owner of the device may enjoy is dependent on: 1) The broken DRM / telescreen in 1984 application. 2) The insecure Apple iCloud (This was aptly demonstrated in the "nude selfie" exploit). 3) A fair amount of security theatre. A good example of the latter is the use of fingerprint security on a mobile device. http://www.theregister.co.uk/2014/09/23/iphone_6_still_vulnerable_to_touchid_fingerprint_hack/. I mean really: How many iPhone users leave their fingerprints on their iPhones?

The latest case regarding the use of 7  year old GNU software is classic Apple. Both my Ubuntu and CentOS GNU/Linux systems are now fully patched against the vulnerability, while Apple has yet to issue a patch! What Apple has released instead is classic corporate spin of the worst kind claiming that IOS users are not vulnerable because they do not have access to the shell. As if root access was a requirement for the exploit. Ever wonder why the US Secret Service does not allow President Obama to have an iPhone? He got a Blackberry instead. Or why Edward Snowden stated that IOS devices were the easiest for the NSA to break into? Android can be hardened, by a user with root. GNU/linux is really easy to secure by the end user. For those wishing a propriety solution Blackberry and yes even Microsoft does a far better job.

I still stand by my statement that I would not let a single satoshi, belonging to me, anywhere near an operating system released by Apple.

I agree that Apple and iOS has it's security issues. I'm not familiar enough with windows 8 security to comment on it, other than to say it's not yet a popular enough smartphone platform to merit spending development effort on yet. Perhaps that will change.

In the mean time, iOS appears to be the most secure of the popular platforms against malware and physical theft attack vectors. breadwallet takes the jailbreak concern seriously, and repeatedly warn users of jailbroken phones that their funds are at risk on every app launch, along with an explanation why to help convince them of the severity of the risk. The risk however is relatively low for non-jailbroken phones unless a remote jailbreak exploit is discovered, which would be quickly patched with apple's typically high patch deployment rates.
ArticMine
Legendary
*
Offline Offline

Activity: 2198
Merit: 1011


Monero Core Team


View Profile
September 27, 2014, 05:22:23 AM
 #23

I stand by my position that the only safe OS for Bitcoin and other crypto currency is GNU/Linux, with Android properly secured for small amounts. All I can say is time will tell.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
September 27, 2014, 05:29:07 AM
 #24

I stand by my position that the only safe OS for Bitcoin and other crypto currency is GNU/Linux, with Android properly secured for small amounts. All I can say is time will tell.

Android is even more popular than iOS. I would love to build an android version of breadwallet. Maybe we can discuss by email about how this can be accomplished for non-technical users without subjecting them to the risk of malware theft or loss of funds in the event of physical theft.

My understanding is that for android devices to enable hardware backed filesystem encryption, you need to have a long unlock password, which pretty much nobody does. Additionally a large portion of android devices don't receive timely security patches due to carrier customization and apathy. I would love to talk to someone who has more experience with android security than I do and can help me figure out how best to mitigate these risks.
Billbags
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250

Brainwashed this way


View Profile
September 27, 2014, 05:47:42 AM
 #25

I've had the two Android Bitcoin wallets since they have been out and they are great. Andreas said he hasn't had one report of any stolen/hacked coins EVER, that's 2 or so years. Mycelium great also, Jan has so many features now it's unbelievable. From experience, I mine to the Mycelium and store on the Andreas. I use an old HTC phone with no service as my cold wallet with Andreas Bitcoin Wallet and Mycelium on my everyday phone as my hot wallet.

@Voisine
Talk to Jan, he's always on the forum here. Search Mycelium Thread.

Listen: meat beat manifesto ~ Edge of no control (pt.1)
Read:"He who controls the past controls the future. He who controls the present controls the past." ~ George Orwell
Think: http://unenumerated.blogspot.com/2014/12/the-dawn-of-trustworthy-computing.html
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
September 27, 2014, 06:01:05 AM
 #26

I've had the two Android Bitcoin wallets since they have been out and they are great. Andreas said he hasn't had one report of any stolen/hacked coins EVER, that's 2 or so years. Mycelium great also, Jan has so many features now it's unbelievable. From experience, I mine to the Mycelium and store on the Andreas. I use an old HTC phone with no service as my cold wallet with Andreas Bitcoin Wallet and Mycelium on my everyday phone as my hot wallet.

@Voisine
Talk to Jan, he's always on the forum here. Search Mycelium Thread.

That's great to hear. I hope it stays that way as bitcoin grows into a major world currency, and robbing bitcoin wallets becomes the most lucrative target in existence for hackers everywhere, far above turning people's computers into spambots or stealing credit card info. I'm convinced malware theft is going to become a huge issue when millions of non-technical people are using bitcoin every day.
CrackedLogic
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000



View Profile
September 27, 2014, 06:16:49 AM
 #27

I'm the author of breadwallet, and also co-author of BIP39 and I took over maintenance of BIP38.

The word I've been using to describe it is 'standalone', but the coin desk writer went with the way that bitcoin.org describes such wallets, 'decentralized'.

I believe it's the only wallet out there now that is both BIP32 HD, and BIP37 SPV... someone correct me if I missed another. All the other mobile SPV wallets are based on bitcoinj which I don't think has BIP32 quite implemented yet, though it's getting close.

I designed breadwallet to be the most secure wallet out there. The iOS security model provides good protection against malware (you would need a remote jailbreak exploit for malware to steal your keys), and also all devices are hardware AES encrypted by default, so it's reasonably secure even in the event of physical theft. Web and desktop wallets are of course wide open to malware, and although android is better, it still has a serious malware problem, most devices don't receive timely security updates, and almost no one has android filesystem encryption turned on to protect from physical theft. Of those that do, many devices don't have hardware backed encryption, so the encryption is only as strong as the typically weak passwords people choose for unlocking their phones.

breadwallet also supports bip38 key import, bip70 payment protocol, and is open source. I'm pleased to say it's now listed on bitcoin.org "choose your wallet"

It's really nice, but will there be an Android release?

Shocked BUY GAMESWITHBTCITCOINFORDISCOUNTEDPRICES Shocked
RedhatCAT
Full Member
***
Offline Offline

Activity: 123
Merit: 100


View Profile
September 27, 2014, 06:26:19 AM
 #28

I stand by my position that the only safe OS for Bitcoin and other crypto currency is GNU/Linux, with Android properly secured for small amounts. All I can say is time will tell.
I agree. Anything that needs to be downloaded via the iTunes app store, will be, by definition, not open source. Therefore no matter how secure you claim it to be, there is no real way to verify your claims nor any real way to make sure the version being downloaded/used is actually the version being distributed   
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
September 27, 2014, 07:49:48 AM
 #29

I agree. Anything that needs to be downloaded via the iTunes app store, will be, by definition, not open source. Therefore no matter how secure you claim it to be, there is no real way to verify your claims nor any real way to make sure the version being downloaded/used is actually the version being distributed  

Yes, I discussed this problem during my tech talk at 20mission: https://www.youtube.com/watch?v=OQFpUduwCUM

I will be attempting to get deterministic builds for iOS working to address this.  I don't know if it will be possible but I will see if I can do it. I do verify that the app store version is identical to the binary that I uploaded to apple to ensure no apple employee modified it apart from re-signing the code with their key. (you can download the app store binary to iTunes on your desktop) Then at least if the binaries can't be generated perfectly deterministically, they can be made as near to identical as possible by independent third parties and the differences examined.
Billbags
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250

Brainwashed this way


View Profile
September 27, 2014, 05:18:09 PM
 #30

@voisine

Jan from Mycelium Wallet(Android)
https://bitcointalk.org/index.php?action=profile;u=29177

Andreas from Bitcoin Wallet(Android)
https://bitcointalk.org/index.php?action=profile;u=3696


I would Recommend you also make a thread in the same topic section as these guys for long term support, that section seems to work well at attracting intellectual "think tank" discussions for Developing Technology and Alternative Clients.

This section here is good for announcing a new product, but you get a lot of "pull my finger" type of posters.

Listen: meat beat manifesto ~ Edge of no control (pt.1)
Read:"He who controls the past controls the future. He who controls the present controls the past." ~ George Orwell
Think: http://unenumerated.blogspot.com/2014/12/the-dawn-of-trustworthy-computing.html
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
September 27, 2014, 08:07:30 PM
 #31

@voisine

Jan from Mycelium Wallet(Android)
https://bitcointalk.org/index.php?action=profile;u=29177

Andreas from Bitcoin Wallet(Android)
https://bitcointalk.org/index.php?action=profile;u=3696


I would Recommend you also make a thread in the same topic section as these guys for long term support, that section seems to work well at attracting intellectual "think tank" discussions for Developing Technology and Alternative Clients.

This section here is good for announcing a new product, but you get a lot of "pull my finger" type of posters.


thanks @Billbags

I've actually had some extended email conversations with Andreas about android security. Right now he's relying on android access permissions to protect your private keys. I'll contact Jan as well and see if he's taking any additional measures for mycelium.
Gotti III
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
October 02, 2014, 12:46:44 PM
 #32

Did anybody used is this app already?
Jamie_Boulder
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile WWW
October 02, 2014, 01:59:56 PM
 #33

Can anyone vouch that this is a trustworthy wallet provider? stats?

voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
October 02, 2014, 07:37:46 PM
 #34

Can anyone vouch that this is a trustworthy wallet provider? stats?

Everything is open source, so ideally you shouldn't have to trust me. The only issue is how to verify that the app store distribution is built from the public source code without modification. I verify that the app store build is identical to the one I signed and uploaded to apple, and I'm working on getting deterministic builds working to make it easy for others to verify it's built from the same source. However until that time, the best bet would be for a third party to build it from source, download the app store version to iTunes, strip off the code signatures and do a binary diff to examine the binary differences and make sure there's nothing added or removed apart from normal build differences for non-deterministic builds. I'm happy to work with anyone who's interested to do this.
removebeforeflight
Sr. Member
****
Offline Offline

Activity: 698
Merit: 258



View Profile
October 03, 2014, 03:10:17 AM
 #35

This is now my iOS wallet of choice; over verso wallet

                 ▄███▄
                ███████░
               █████████▄
              ████████████
             ███████████▓▓▓░
            ███████████▓▓▓▓▓
          ░███████████▓▓▓▓▓░░░
         ░███████████▓▓▓▓▓░░░░░
        ░███████████▓▓▓▓▓░░░░░░░
       ░███████████▓▓▓▓▓░░░░░░░░░░
      ░███████████▓▓▓▓▓░░░░░░░░░░░░
    ░░███████████▓▓▓▓▓░░░░░░░░░░░░░░
    ░███████████▓▓▓▓▓░░░░░░░░░░░░░░░░
██
██
██
██
██
██
██
........PayPal of Cryptocurrencies.......
Blockchain Protocol + 12 Working Modules - Use Crypto as Cash
██
██
██
██
██
██
██
████ Invest Now  ████
     ▄████████████████████████▄
    ███████████████████████████▌
    ████████████████▀▀ ---¬█████
    ███████████████        █████
    ██████████████    ▄▄▄▄▄█████
    ██████████████    ▀█████████
    ██████████▌            █████
    ██████████▌            █████
    ██████████████    ██████████
    ██████████████    ██████████
    ██████████████    ██████████
    ▐█████████████    █████████
      ▀▀▀▀▀▀▀▀▀▀▀▀    ▀▀▀▀▀▀▀
▄▓█████████████████████▓▓▄
▓██████████████████████████▌
███████████████████▓▓▀  ▓██▌
██████████████▓▀▀       ▓██▌
████████▓▀▀      ▄█    ▐███▌
███▓▀        ▄▄▓▀      ▓███▌
███▓▄▄▄   ▄▓█▓         ████▌
████████▓ ▓▌          ▓████▌
█████████▓    ▄       █████▌
██████████▌ ▄▓██▓▄   ▐█████▌
███████████████████▓▓██████▌
▐██████████████████████████
  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄███████████████████▄
██████████████████████▌
██████████████████████▌
████████████     █▀███▌
███   █████        ▐██▌
███               ▐███▌
███               ████▌
████             █████▌
█████▄▄         ██████▌
████         ▄████████▌
██████████████████████▌
██████████████████████▌

    ██▄▄             ▄███▄
    ███████▄        ▄████████▄▄
    ██████████     ████████████▌
    ███████████▄ ▄████████████░░
    ████████████████████████░░░░
    ███████████████████████░░░░░
    █████████████████████░░░░░░░
    █████████   ▀▀███████░░░░░░░
    █████████        ▀░░░░░░░░░░
       ▀▀████             ░░░░░░
           ▀▀                 ░░
hennessyhemp
Hero Member
*****
Offline Offline

Activity: 509
Merit: 500


Hempire Loading...


View Profile WWW
March 31, 2015, 05:43:17 PM
 #36

Hey,

Went to send out of my wallet and encountered an issue wherein I press send and nothing happens.  Tried flipping off the wifi and using 3g, then back to wifi, then reboot of phone to no avail.

Help!

Please add more BTC here (my son will apprecciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
voisine
Member
**
Offline Offline

Activity: 120
Merit: 10


View Profile
March 31, 2015, 11:33:41 PM
 #37

Hey,

Went to send out of my wallet and encountered an issue wherein I press send and nothing happens.  Tried flipping off the wifi and using 3g, then back to wifi, then reboot of phone to no avail.

Help!

Haven't come across that one. Try killing the app by double tapping home and swiping the app upward.
errornone
Member
**
Offline Offline

Activity: 98
Merit: 10

error


View Profile
August 06, 2015, 02:16:08 PM
 #38

I agree. Anything that needs to be downloaded via the iTunes app store, will be, by definition, not open source. Therefore no matter how secure you claim it to be, there is no real way to verify your claims nor any real way to make sure the version being downloaded/used is actually the version being distributed  

Yes, I discussed this problem during my tech talk at 20mission: https://www.youtube.com/watch?v=OQFpUduwCUM

I will be attempting to get deterministic builds for iOS working to address this.  I don't know if it will be possible but I will see if I can do it. I do verify that the app store version is identical to the binary that I uploaded to apple to ensure no apple employee modified it apart from re-signing the code with their key. (you can download the app store binary to iTunes on your desktop) Then at least if the binaries can't be generated perfectly deterministically, they can be made as near to identical as possible by independent third parties and the differences examined.

Great video. Thanks

error
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1000



View Profile
August 06, 2015, 03:40:14 PM
 #39

Who are using this breadwallet thing? Is it ok? Any experience or what?
I've been using it for quite some time, and yes, without a shadow of a doubt it's THE BEST wallet app for iOS.

Together with Mycelium for Android, they are the two best wallets currently on the market.

If you have an iPhone or iPad, the choice is very simple: use breadwallet, period.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!