We just launched https://walletscrutiny.com/ where we tried to reproduce each app as it is found on Google Play at the moment of our analysis and to our surprise even most open source wallets were not verifiable.
Verifiability is a big deal! I am the release manager of a wallet and if my colleagues would not verify every release that I build, a gun to the head might be all it takes to get an update released that leaks all the backups of all the users to an evil guy who then could wait until the funds under his control plateau, to press the button and grab it all. He could steal the funds of all users at once.
How do you know the wallet you are using doesn't have a backdoor like that? Good track record is no guarantee to not come under distress in the future. Providers might hand over the reign to good paying buyers, too.
[link] [comments]
No comments:
Post a Comment