Announcing ♨️steemwallet.app - a fast, secure and open source wallet app for the Steem blockchain (android & ios - out now)

in #utopian-io, 6 years ago (edited)

For a couple of weeks in July and early August we were housesitting a fabulous place near the beach and it was 35°C (95 °F) for a while, so what better way to spend it than behind the computer inside? It was during this time that @pharesim, who was/is travelling (and also paid a visit to the SteemWhale fountain!), came by with his companions in the Steemlambo and we discussed Steem during the night. He mentioned he really missed a simple, straightforward wallet app for Steem.

We discussed it a bit, I gave it some thought and researched a bit more later that night, and the next day, after some more research (I do still dev some apps, sometimes - see https://shoudio.com for previous work), I discussed it some more with @pharesim. @pharesim & co carried on with their trip and I was just experimenting with signing transactions with dSteem and broadcasting them using the condenser API. Then I started experimenting with AES256 encryption for an encrypted, secure wallet file.

Rest assured this was all just testing, as I wasn't planning on actually building a full app, thinking it would draw too much time, which I desperately needed for @SteemFest, but then I just couldn't leave the idea sitting there on my computer, so I continued at nights resulting in not much sleep :P.

And now it's here. After some legal mumbo jumbo with them apples (needed to enroll with an "organisation" account instead of using my regular individual account - 3 weeks of back & forth reviewing the app - including the app review appeal board (!)) the ♨️steemwallet.app is live and available on both iOS and Android.

The app's complete code is open source, published under a Creative Commons License. So you can head over to my github repo and analyse the signing, storage and encryption of active keys (should you want to use the send feature, which is not obligatory) and how the whole app works. The app is built using the open source Titanium Appcelerator app platform, where one can code in a combination of JavaScript, XML and stylesheets and have that compiled into native code, cross-platform!

I'm quite happy with v1 and here is what you can expect:

With the ♨️steemwallet.app you can monitor any account's balances on the Steem blockchain. Specifically you can:

  • Monitor any account's balances and recent Steem & SBD transactions
  • Optionally store your active key (or have it derived from your password) in a passphrase-encrypted wallet file and send Steem & SBD to any user by signing broadcast messages with your key.

Security

Should you decide to use the feature of signing transfer operations (sending Steem or SBD), you will need to store your active key in a local wallet file. The contents of this wallet file are encrypted in a similar way to the cli_wallet app (the Steem chain's official command line wallet). Note that you can also use the app just to monitor the balances and recent transactions of one or more Steem accounts.

Here is how the security model works in the ♨️steemwallet.app, along with several other security-related features:

  1. The app uses AES256 encryption for storing your wallet file. The AES 256 initialisation vector normally changes with every install of the app so two wallet files with the same passphrase and same key contents would not even look the same. Therefore you also can't export the wallet-file, because you could not even re-import it. This app is therefore not meant to be the single storage place for your private keys!

  2. A strong passphrase is obligatory before you can create the wallet file. The app uses the zxcvbn library to check the complexity of your passphrase. Don't worry, this happens on your device, not online :P If you forget this passphrase, you would have to delete and reinstall the app and start from scratch by re-importing your key(s).

  3. Parts of the great dSteem library are used, namely the signing of transaction operations as well as public key derivation from active keys and the derivation of your active key should you use a password. The plain text keys are only used for signing the operation and never leave the device.

  4. Devices with Touch ID or Face ID (or Fingerprint on Android) can opt to use that feature to store and retrieve their passphrase onto the device's native keychain, for easier decrypting and signing of operations. How each OS treats the storage of that passphrase is a bit different, but on both iOS and Android those files are encrypted too, on iOS in the so-called secure enclave and on Android in an encrypted .dat file in the app's private-data folder.

  5. When sending to some account, the existence of the account is checked prior to actually broadcasting the transaction.

  6. Also when sending to some account, the app checks whether the address is on the 'bad actors list'. If you (accidentally) try to send to one of these known fraudulent accounts, the app prevents you from sending there.

  7. When you add a memo to a transfer, the app validates the memo with a simple sanity check (again, all happening on device) to see whether you (accidentally) pasted a key into the memo field (using this rule: starts with 5, 51 characters long). If that is the case, the memo field is reset and you are alerted.

  8. No tracker software is installed, analytics are disabled. The only data sent from the device are requests for blockchain information, calls to the condenser API hosted on api.steemit.com and signed operations. Oh, and the device connects to Coinmarketcap sometimes to retrieve the Steem/SBD prices. However, since their API is going to be deprecated, I will change this in December to another price provider (most probably self-hosted, and with multiple currencies beyond just USD).
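The memo sanity check from item 7, as an added example that is not code from the app or its repository: it applies the rule stated above (starts with 5, 51 characters) and goes one step further by verifying the WIF checksum, so a key pasted inside a longer memo is also caught. The function names and the constructed sample key are assumptions.

```javascript
// Added example, not from the steemwallet repo. All names here are hypothetical.
const { createHash } = require('crypto');

const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (buf) => createHash('sha256').update(buf).digest();
const checksum = (body) => sha256(sha256(body)).subarray(0, 4);

// Base58 string -> bytes, or null if a character is outside the alphabet.
function b58decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = B58.indexOf(ch);
    if (i < 0) return null;
    n = n * 58n + BigInt(i);
  }
  const hex = n.toString(16);
  return Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
}

// Bytes -> Base58 (no leading-zero handling needed: WIF starts with 0x80).
function b58encode(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  while (n > 0n) {
    out = B58[Number(n % 58n)] + out;
    n /= 58n;
  }
  return out;
}

// WIF = Base58(0x80 || 32-byte key || 4-byte double-SHA256 checksum).
function toWif(key32) {
  const body = Buffer.concat([Buffer.from([0x80]), key32]);
  return b58encode(Buffer.concat([body, checksum(body)]));
}

function isValidWif(candidate) {
  const raw = b58decode(candidate);
  if (!raw || raw.length !== 37 || raw[0] !== 0x80) return false;
  return checksum(raw.subarray(0, 33)).equals(raw.subarray(33));
}

// Returns { ok, reason }. 'private-key': checksum-valid WIF anywhere in the memo.
// 'key-shaped': whole memo matches the page's rule (starts with 5, 51 chars).
function checkMemo(memo) {
  for (let i = 0; i + 51 <= memo.length; i++) {
    if (memo[i] === '5' && isValidWif(memo.slice(i, i + 51))) {
      return { ok: false, reason: 'private-key' };
    }
  }
  const t = memo.trim();
  if (t.length === 51 && t[0] === '5') return { ok: false, reason: 'key-shaped' };
  return { ok: true, reason: null };
}

// Constructed sample key (32 bytes of 0x07), not a real account key.
const SAMPLE_WIF = toWif(Buffer.alloc(32, 7));
```

Keeping the two reasons apart lets the alert say whether a real key was pasted or the memo merely has the shape of one, for instance a key with a typo.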

Having said all this, I would encourage you to check the app's source code, especially the decrypt and encrypt parts.
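One way to build a passphrase-encrypted wallet file with the property described in item 1 (the same passphrase and key contents give files that do not look the same), as an added example that is not the app's code. The scrypt key derivation, the AES-256-GCM mode, the file layout and all names are assumptions, not taken from the steemwallet source.

```javascript
// Added example, not from the steemwallet repo. KDF, cipher mode and
// file layout are assumptions chosen for illustration.
const crypto = require('crypto');

const SCRYPT = { N: 16384, r: 8, p: 1 }; // about 16 MiB of memory per derivation

// Passphrase -> 256-bit AES key. The salt is random per file and not secret.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, SCRYPT);
}

// Encrypt a wallet object. A fresh salt and IV are drawn on every call, so
// identical inputs never produce identical files.
function encryptWallet(wallet, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns the wallet object, or null when the passphrase is wrong or the
// file was modified (the GCM tag check fails in both cases).
function decryptWallet(file, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(passphrase, b(file.salt));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(file.iv));
    decipher.setAuthTag(b(file.tag));
    const pt = Buffer.concat([decipher.update(b(file.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample wallet; the key value is a placeholder, not a real key.
const SAMPLE_WALLET = { account: 'alice', activeKey: 'PLACEHOLDER-NOT-A-REAL-KEY' };
```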

Also I would firmly DIScourage you to use the send / active key encrypted storage features if you are using the app on a rooted or jailbroken device, simply because the integrity of the Operating System you are using might not be guaranteed.

Other features of the app:

  1. Add multiple accounts (as many as you like): Start off by adding one account; tapping on your main account name then opens an 'account picker dialog' where you can opt to add more accounts. You can monitor a whole list of accounts. If you hit send, you can add the active key for the selected account, should you have it. It is not required to have active keys in storage just for monitoring an account.

  2. QR scanner built in: At certain points in the app (in 'send to:' and 'import private key') you can opt to fire up an in-app QR scanner, so you don't have to copy-paste your active key, but can scan it, for example from the security page on Steemit.

  3. QR code for 'receiving': An on device QR code library generates a unique colourful QR code to present to anyone who wants to send Steem or SBD to you.

  4. Integration of SBD / Steem to USD prices. The app regularly updates with Coinmarketcap and shows you the current worth in fiat, should you be interested in that.

Updates waiting to be reviewed and released by Apple (already live for Android):

  • more transaction history visible

Feature requests already added to github:

  • Implementing Steem's custom url signing for broadcasting any operation onto the Steem chain, using the ♨️steemwallet.app
  • Implementing other fund related operations to be displayed in the transactions history (market_orders, transfer_to_vesting, powering up etc)

Want the app in your native language?
Feel free to check out the English language dictionary file on github, copy it, and make a pull request, following these instructions: https://github.com/roelandp/steemwallet#feature-requests-pull-requests



Download the ♨️SteemWallet.app for iOS or Android

https://steemwallet.app

View source: https://github.com/roelandp/steemwallet

SteemFest 3: 7 - 11 November 2018, Kraków, Poland

SteemFest ticketshop opened 2 days ago! Check out my post about it here!

  • Great contribution and advancement for the STEEM blockchain.
  • Could have used build instructions.
  • Just one commit? Looks like this was a secret for a while.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

Thank you for your review, @helo!

So far this week you've reviewed 3 contributions. Keep up the good work!

  1. Thanks!
  2. Good input, basically is: Install appcelerator cli. https://wiki.appcelerator.org/display/guides2/Appcelerator+CLI+Getting+Started then: appc run.
  3. Yes I first wanted to get this app under review and passed review by apple. From now on it will see commits. Like your translation :) Thanks!

Most definitely looking forward to trying out and using the wallet.

I downloaded it :)
Thank you for a wonderful application!!

60247DE9-7285-47EB-8BD8-5568C5F3001C.png

Nicee! tip: if you want to follow / switch to other accounts, just tap on your username to do so.

Steem transfer error: [invalid trans: 1059], [report lost steem immediately].

what is this?

Steem transfer error: [invalid trans: 1059], [report lost steem immediately].

excellent app something like this was missing, this way you can be more secure of our time and easier to send a transfer thanks friend @roelandp

Wonderful infos and great work @roelandp to introduce the app with amazing features. steemwallet.app is no doubt a great addition and contribution here on Steem Blockchain. Lots of appreciations and support for you.
Here is wallet I downloaded.

Screenshot_20180825-163852.png

If you want to follow and switch to other accounts, just tap your username to add & switch other accounts!

Steem transfer error: [invalid trans: 1059], [report lost steem immediately].

can you elaborate what you are saying?

Steem transfer error: [invalid trans: 1059], [report lost steem immediately].

Cool app, I really like it. The design looks very nice too. It is very useful for someone like me because I am not tech savvy and with this app, I can check my balance on the go without having to log in using a browser every time.

TakosDiary Tako's Diary

thank you!

I downloaded and tried it. This is a good idea for checking the wallet on the go. The best thing about it is I can send and receive STEEM using QR code. I haven't tried to send or receive STEEM using QR code yet but I will try this feature soon.

I'm using note8 (on a full screen mode) and I notice that on the bottom of the app there is a Create Wallet function but when I click on it nothing happens. @roelandp

Screenshot_20180825-235607.jpg

haha omg thanks for this. That's the other views which should be hidden. Because you use the fullscreen mode and not the 'touchscreen' buttons, you see those. I will investigate this. thanks!

Made an issue out of it: https://github.com/roelandp/steemwallet/issues/6

I used "Android Debug Bridge ADB commands" to disable the Navigation bar and the status bar. Once applied the Navigation bar on Note8 will be hidden at all time. It's a small tweak and so far so good. I also provide these commands below in case you need them.

run: adb shell settings put global policy_control immersive.navigation=apps,-com.samsung.android.app.smartcapture
run: adb shell wm overscan 0,0,0,-168

aha thx. hackor! :P so you would say the "fullscreen" mode is something you 'hacked' and is not available to all users?

Or do you mean in your most recent reply that that fixed the viewport for the app for your fullscreen mode?

looking fwd.

@carlpei can you tell me, do you first launch the app and then go to fullscreen? Is this a native option of your android device?

I want to fix this, it's pretty ugly this way.

Hi, I just installed the app. Great work by the way, thanks so much! I also use it on a Note 8, and the app natively launched showing the bottom bit 'create wallet'. We have the option to hide or show the navigation keys at the bottom. If they're turned on, the 'create wallet' section isn't visible any longer even in fullscreen mode (as it natively launched). Feel free to ask if you need more info or screenshots on this.

you are an absolute boss.

Great product, Roeland!

Finally I can show my friends some 7-digit numbers on my phone :-P

IMG_1165.PNG

interesting that decimal points are represented with commas, and 3 digit separates with periods. Is that a bug?

In Europe we separate the numbers like that.

hehehe. Tap on the username to add as many accounts as you like! You should add @steemit :)

You should add @steemit :)

Done :-)

Heh. Good old Ned's power down

Yeah, lots of liquid cash in there :-)

@roelandp Thank you for creating an awesome Steem Wallet App! Could you please add some more features that the App can be also monitoring such as the main SP, Steem/SBD current live rate and also Estimated Account Value? I would love to see it that way! This is just my personal idea.
Thank you in advance!

Yes thanks, will look into some of the features, however the idea is to keep the app 'lightweight' and fund related, but i will look into adding whatever I can and looks good.

Thanks for your suggestions.