Author Topic: Mobile Wallet - Testers needed  (Read 77190 times)

Offline rgcrypto

  • Hero Member
  • *****
  • Posts: 557
    • Cryptoctopus Blog
Please give me your input on this Mobile Wallet Coming soon page.
Let me know if it is ready to go.

http://bit.ly/BitUSD-Wallet

PS: People will be able to use their affiliate ?r= on this funnel and the email will be available in the future for anything related to BitUSD project.

Offline ElMato

  • Sr. Member
  • ****
  • Posts: 288
Not for the mid-Feb release.
We plan to support it later when the mail subsystem is well tested. Anyway, you will have some level of privacy by choosing which balances you want to spend from and which balance you want to receive to.

Offline clayop

  • Hero Member
  • *****
  • Posts: 2033
    • Bitshares Korea
  • BitShares: clayop
@rgcrypto, we are aiming for mid-February.
Will you support TITAN?
Bitshares Korea - http://www.bitshares.kr
Vote for me and see the Korean Bitshares community grow
delegate-clayop

Offline ElMato

  • Sr. Member
  • ****
  • Posts: 288
@rgcrypto, we are aiming for mid-February.

Offline rgcrypto

  • Hero Member
  • *****
  • Posts: 557
    • Cryptoctopus Blog
I am very excited about the BitUSD wallet.
When do you think we can expect it to launch?

(I want to build a funnel with a coming soon page, collect emails and then notify them as soon as it is released)

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
No, MITM attacks are not possible since we are talking with an https service.
Put another way, we have the same risk as the Coinbase wallet.

The vulnerability until [1] is resolved will only arise if our api server is compromised.
But even in that case the attacker can't steal your private keys, he can only modify the destination of your transaction.
Remember the server doesn't know about your private keys, he only knows your public keys.

[1] will soon be added to the client.

What's stopping a compromised central server from sending false validation back to the wallet?

Offline Rune

  • Hero Member
  • *****
  • Posts: 1120
Yahhman your Android wallet is working great on my device. Nice work!
I'd love to see a Mycelium-like Exchange feature where we can post meetup offers to exchange BTS or bitUSD for cash. Bitshares P2P gateway to/from cash in your pocket.  ;)

This would be super sweet.

How far down in the long-term plans is full decentralized exchange functionality? I guess implementing that won't be so simple, but trading directly on the phone would be pretty neat though.

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
Yahhman your Android wallet is working great on my device. Nice work!
I'd love to see a Mycelium-like Exchange feature where we can post meetup offers to exchange BTS or bitUSD for cash. Bitshares P2P gateway to/from cash in your pocket.  ;)

Offline ElMato

  • Sr. Member
  • ****
  • Posts: 288
Thank you ElMato. So until [1] is resolved, there is a potential for a 'man-in-the-middle' attack? What vulnerability is there without [1] resolved?

No, MITM attacks are not possible since we are talking with an https service.
Put another way, we have the same risk as the Coinbase wallet.

The vulnerability until [1] is resolved will only arise if our api server is compromised.
But even in that case the attacker can't steal your private keys, he can only modify the destination of your transaction.
Remember the server doesn't know about your private keys, he only knows your public keys.

[1] will soon be added to the client.

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
Thank you ElMato. So until [1] is resolved, there is a potential for a 'man-in-the-middle' attack? What vulnerability is there without [1] resolved?

Offline ElMato

  • Sr. Member
  • ****
  • Posts: 288
How much trust is involved with using a central server? What kind of vulnerabilities are exposed with this?
He's basically running an API server. Unless the wallet itself is malware and sends him the private keys, all the server is doing is processing signed and encrypted transactions.

Brilliant.

Sent from my Timex Sinclair

@fluxer555 I find your concerns very important because those are the same questions I ask before using any kind of wallet.

So let me explain a little more how the wallet works.

As far as I know, every BitShares lightweight client will need the assistance of a central server.

The alternative will be to implement something like this
https://blog.ethereum.org/2015/01/10/light-clients-proof-stake/
in the core.


Mobile wallet

1) The first time the client runs, private keys are generated on the phone.
    (in Android we use bitcoinj => SecureRandom [with PRNGFixes], basically /dev/urandom)
    (in iOS we are using CoreBitcoin => /dev/random)

2) Every time the client wants to make a transaction he asks the server something like this.

   - I want to transfer 10 USD from A,B,C to Z

3) The server returns an UNSIGNED transaction [1] that fulfills the client requirement (10 USD to Z)

4) The client, using his local private keys, signs the transaction and asks the server to forward it to the network.

This is the basic usage.

[1] The client is NOT validating yet that the transaction built by the server is in fact what I asked the server to do.

If the server is compromised and we have [1] resolved, there is not much harm that an attacker could possibly do in terms of stolen funds. (Of course it will disrupt normal operation)

The code is open, so you can take a look at it and build your own binaries if you don't trust ours!
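
The check that [1] refers to, sketched as an added example (not code from the wallet or from the post's author): before signing, the client compares the server-built unsigned transaction against its own request and refuses to sign on any mismatch. The transaction layout, the field names and the single-asset fee are hypothetical simplifications, not the BitShares wire format.

```python
from dataclasses import dataclass

class TxMismatch(Exception):
    """The server-built transaction does not match what the user asked for."""

@dataclass(frozen=True)
class TransferRequest:
    sources: frozenset   # balances the user chose to spend from (A, B, C)
    destination: str     # Z
    asset: str
    amount: int          # in the asset's smallest unit
    max_fee: int         # highest fee the user accepts, same asset (simplification)

def check_unsigned_tx(req, tx, own_addresses):
    """Return the implied fee, or raise TxMismatch. Runs locally, before signing."""
    withdrawn = paid = change = 0
    for op in tx["operations"]:
        if op["asset"] != req.asset or op["amount"] <= 0:
            raise TxMismatch(f"bad asset or amount in {op}")
        if op["type"] == "withdraw":
            if op["balance"] not in req.sources:
                raise TxMismatch(f"spends from unrequested balance {op['balance']}")
            withdrawn += op["amount"]
        elif op["type"] == "deposit":
            if op["to"] == req.destination:
                paid += op["amount"]
            elif op["to"] in own_addresses:
                change += op["amount"]   # change coming back to the wallet
            else:
                raise TxMismatch(f"pays unknown address {op['to']}")
        else:
            raise TxMismatch(f"unexpected operation {op['type']}")
    if paid != req.amount:
        raise TxMismatch(f"destination receives {paid}, expected {req.amount}")
    fee = withdrawn - paid - change
    if not 0 <= fee <= req.max_fee:
        raise TxMismatch(f"implied fee {fee} outside 0..{req.max_fee}")
    return fee

# Constructed sample data: "10 USD from A,B,C to Z", amounts in cents.
REQ = TransferRequest(frozenset("ABC"), "Z", "USD", 1000, max_fee=5)
HONEST = {"operations": [
    {"type": "withdraw", "balance": "A", "asset": "USD", "amount": 600},
    {"type": "withdraw", "balance": "B", "asset": "USD", "amount": 500},
    {"type": "deposit", "to": "Z", "asset": "USD", "amount": 1000},
    {"type": "deposit", "to": "A", "asset": "USD", "amount": 98},
]}
# Same shape, but the destination has been swapped for an address the user never named.
TAMPERED = {"operations": [dict(op, to="X") if op.get("to") == "Z" else op
                           for op in HONEST["operations"]]}
```

Because the check runs on the phone against the bytes that will be signed, a server that lies about validation gains nothing: the client never asks it whether the transaction is correct.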

lzr1900

  • Guest
When will this officially be released on the actual App Store? I assume sometime after the Bitshares 1.0 release?
+5%

Offline islandking

  • Sr. Member
  • ****
  • Posts: 378
  • The king of the island
When will this officially be released on the actual App Store? I assume sometime after the Bitshares 1.0 release?
I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party. - Satoshi

Offline Riverhead

How much trust is involved with using a central server? What kind of vulnerabilities are exposed with this?
He's basically running an API server. Unless the wallet itself is malware and sends him the private keys, all the server is doing is processing signed and encrypted transactions.

Brilliant.

Sent from my Timex Sinclair


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
He could simply refuse to forward your tx ... that's about it ... but I haven't checked the sources