2019-12-20-it.airgap.vault.md 3.21 KB
Leo Wandersleb committed
---
title: "AirGap Vault - Tezos, Cosmos, Ethereum, Bitcoin"
altTitle: 

users: 5000
appId: it.airgap.vault
launchDate: 2018-08-06
latestUpdate: 2020-04-02
apkVersionName: "3.1.0"
stars: 4.2
ratings: 31
reviews: 12
size: 7.7M
website: https://airgap.it/
repository: https://github.com/airgap-it/airgap-wallet
issue: https://github.com/airgap-it/airgap-wallet/issues/18
icon: it.airgap.vault.png
bugbounty: 
verdict: verifiable # May be any of: wip, fewusers, nowallet, nobtc, custodial, nosource, nonverifiable, verifiable, bounty, defunct
date: 2020-01-06
reviewStale: true
reviewArchive:
- date: 2019-12-29
  version: "3.0.0"
  apkHash: d3bb8f0c7c30119405ef9b6c00ca5574e89da76d8ca5208aecc3530bf24e1987
  gitRevision: 1b2995ed2db18e2517812f7fbb3b2aca04a4653e
  verdict: nonverifiable

internalIssue: 92
providerTwitter: AirGap_it
providerLinkedIn: 
providerFacebook: 
providerReddit: https://www.reddit.com/r/AirGap/

permalink: /posts/it.airgap.vault/
redirect_from:
  - /it.airgap.vault/
---


We found this app while reviewing [AirGap Wallet](/it.airgap.wallet/). These two
apps work in concert. *AirGap Wallet* handles the communication with the web and
*AirGap Vault* holds the private keys, ideally on a phone that has no internet
connection. This is certainly an interesting approach.

> the private key is generated and securely stored on another device with the
  AirGap Vault app.

This claims to be a non-custodial app.

The description does not mention Open Source, but the website links to
[GitHub](https://github.com/airgap-it/airgap-wallet).

Let's see how far we get building this app, version `3.0.0`. The build
instructions explain how to run the app, not how to build the release version,
and the actual build instructions are at the time of this writing only to be
found in
[the issue we opened with them](https://github.com/airgap-it/airgap-wallet/issues/18).

The new build instructions are also not without issues:

* Each app build requires building a new Docker image.
* The Docker image is huge at 6.24GB.
* The Docker container is also persisted for subsequent extraction of the APK.
* We have to edit a versioned file (`config.xml`).
* We have to know a `BUILD_NR` (14555 for the current build) and don't
  understand yet where that is supposed to come from.

But as we have not yet established strict rules for how easy or "standard"
build instructions have to be, we go with it:

```
$ sed -i -e "s/version=\"0.0.0\"/version=\"3.0.0\"/g" config.xml
$ docker build -f build/android/Dockerfile -t airgap-vault --build-arg BUILD_NR="14555" --build-arg VERSION="3.0.0" .
$ docker run --name "airgap-vault-build" airgap-vault echo "container ran."
$ docker cp airgap-vault-build:/app/android-release-unsigned.apk airgap-vault-release-unsigned.apk
$ apktool d -o fromBuild airgap-vault-release-unsigned.apk 
$ diff --brief --recursive from*
Files fromBuild/apktool.yml and fromPlay/apktool.yml differ
Files fromBuild/original/META-INF/MANIFEST.MF and fromPlay/original/META-INF/MANIFEST.MF differ
Only in fromPlay/original/META-INF: PAPERS.RSA
Only in fromPlay/original/META-INF: PAPERS.SF
```

`apktool.yml` is generated by apktool in the prior command. The other three
differences are the signature, which is expected to be missing from our
unsigned build.
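
The same judgement can be scripted so that any difference other than `apktool.yml` and the signature files fails the comparison. This is an added example, not part of the original review or of the AirGap project; the function names are hypothetical, the sample trees are constructed, and the allow-list covers any `.RSA`/`.SF` file name rather than only `PAPERS`.

```shell
#!/bin/sh
# Added example: classify `diff --brief --recursive` output for two apktool trees.
# Function names are hypothetical; fromBuild/fromPlay follow the review above.

# Print every difference that an unsigned rebuild does NOT explain.
unexpected_diffs() {
    build=${1%/} play=${2%/}
    # diff exits 1 when the trees differ; only a status above 1 is a real error.
    out=$(LC_ALL=C diff --brief --recursive "$build" "$play") || [ $? -eq 1 ] || return 2
    while IFS= read -r line; do
        case "$line" in
            "") ;;
            # Written by apktool itself on every decode.
            "Files $build/apktool.yml and $play/apktool.yml differ") ;;
            # Signature artefacts: expected to differ or exist on the Play side only.
            "Files $build/original/META-INF/MANIFEST.MF and $play/original/META-INF/MANIFEST.MF differ") ;;
            "Only in $play/original/META-INF: "*.RSA | "Only in $play/original/META-INF: "*.SF) ;;
            # Anything else (code, resources, files only in one tree) is reported.
            *) printf '%s\n' "$line" ;;
        esac
    done <<EOF
$out
EOF
}

# Print the verdict; exit status 0 = verifiable, 1 = nonverifiable, 2 = diff failed.
verdict() {
    left=$(unexpected_diffs "$1" "$2") || return 2
    if [ -z "$left" ]; then
        echo verifiable
    else
        echo nonverifiable
        printf '%s\n' "$left" >&2
        return 1
    fi
}

# Constructed sample trees that reproduce the four differences listed above.
make_sample_trees() {
    for side in fromBuild fromPlay; do
        mkdir -p "$1/$side/original/META-INF" "$1/$side/smali"
        echo "decoded from $side" > "$1/$side/apktool.yml"
        echo "manifest of $side" > "$1/$side/original/META-INF/MANIFEST.MF"
        echo ".class public LMain;" > "$1/$side/smali/Main.smali"
    done
    echo sig > "$1/fromPlay/original/META-INF/PAPERS.RSA"
    echo sig > "$1/fromPlay/original/META-INF/PAPERS.SF"
}
```

Run `verdict fromBuild fromPlay` after both APKs have been decoded with apktool; unexplained differences are listed on stderr.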

Our verdict: This wallet is **verifiable**.