Unverified Commit 70148761 authored by Leo Wandersleb's avatar Leo Wandersleb
Browse files

update some reviews, add iphone to some android

parent e2d1a540
---
wsId:
wsId: digifinex
title: "DigiFinex - Buy & Sell Bitcoin, Crypto Trading"
altTitle:
authors:
......
---
wsId:
wsId: dowallet
title: "DoWallet: Bitcoin Wallet. A Secure Crypto Wallet."
altTitle:
authors:
......@@ -31,10 +31,6 @@ providerFacebook:
providerReddit:
redirect_from:
- /dowallet/
- /com.dowallet/
- /posts/2019/11/dowallet/
- /posts/com.dowallet/
---
......
---
wsId:
wsId: enjin
title: "Enjin: Bitcoin, Ethereum, NFT Crypto Wallet"
altTitle:
authors:
......@@ -31,10 +31,6 @@ providerFacebook: enjinsocial
providerReddit: EnjinCoin
redirect_from:
- /enjin/
- /com.enjin.mobile.wallet/
- /posts/2019/11/enjin/
- /posts/com.enjin.mobile.wallet/
---
......@@ -45,12 +41,13 @@ description starts promising:
They advertise advanced securing techniques among which are:
> "An extensive independent security audit and penetration test found no
> security issues."
> An extensive independent security audit and penetration test found no security
issues.
(You can read the report [here](https://cdn.enjin.io/files/pdfs/enjin-wallet-security-audit.pdf))
(You can read the report
[here](https://cdn.enjin.io/files/pdfs/enjin-wallet-security-audit.pdf))
but source code isn't available on [their website](https://github.com/enjin).
But source code isn't available on [their website](https://github.com/enjin).
So the user is left with only one choice: trust.
Our verdict: **not verifiable**.
......@@ -65,10 +62,15 @@ Other observations
> safety of your crypto wallet."
looks very advanced, the list of features is tremendous. also an old player:
"ABOUT ENJIN
Founded in 2009 and based in Singapore, Enjin offers an ecosystem of integrated, user-first blockchain products that enable anyone to easily manage, explore, distribute, and integrate blockchain-based assets."
> ABOUT ENJIN<br>
Founded in 2009 and based in Singapore, Enjin offers an ecosystem of
integrated, user-first blockchain products that enable anyone to easily
manage, explore, distribute, and integrate blockchain-based assets.
on their main page, they advertise advanced securing techniques amongst which are:
- "An extensive independent security audit and penetration test found no security issues." (with ability to read the [report](https://cdn.enjin.io/files/pdfs/enjin-wallet-security-audit.pdf))
- "Custom ARM instructions ensure that sensitive data is instantly deleted from your phone's memory."
- "Enjin Keyboard. Built from scratch to protect you from any form of data sniffing or keyloggers."
> * Custom ARM instructions ensure that sensitive data is instantly deleted from
your phone's memory.
> * Enjin Keyboard. Built from scratch to protect you from any form of data
sniffing or keyloggers.
---
wsId:
wsId: evercoin
title: "Evercoin: Bitcoin, Ripple, ETH"
altTitle:
authors:
......@@ -31,8 +31,7 @@ providerFacebook: evercoin
providerReddit:
redirect_from:
- /com.evercoin/
- /posts/com.evercoin/
---
......@@ -41,7 +40,7 @@ This app's description says:
> Evercoin is an integrated non-custodial wallet for managing and exchanging
cryptocurrencies.
So ... is there source coude to reproduce the build?
So ... is there source code to reproduce the build?
Unfortunately there is no mention of source code anywhere. Absent source code
this app is **not verifiable**.
---
wsId:
wsId: ezdefi
title: "ezDeFi - Crypto & Bitcoin Wallet"
altTitle:
authors:
......@@ -31,7 +31,6 @@ providerFacebook: ezdefi
providerReddit:
redirect_from:
- /com.ezdefi/
---
......@@ -40,7 +39,7 @@ Features like
> By eliminating encryption phrase, new users can simply make purchases with
just a wallet password or biometric.
sound very custodial. Althogh this is
sound very custodial. Although this is
> A new Ez Mode [...] to make cryptocurrencies accessible to new users.
......
......@@ -37,16 +37,19 @@ redirect_from:
This app is a custodial offering:
> SECURE STORAGE
>
> Swipe users can have peace-of-mind knowing their assets are covered under a $100M insurance policy with our custodian. All User deposited funds are stored in cold storage with a trusted custodian. Having these funds in a cold storage wallet ensures our users that their funds are safe and easily accessible through the Swipe Network on the Swipe Wallet
> SECURE STORAGE<br>
Swipe users can have peace-of-mind knowing their assets are covered under a
$100M insurance policy with our custodian. All User deposited funds are stored
in cold storage with a trusted custodian. Having these funds in a cold storage
wallet ensures our users that their funds are safe and easily accessible
through the Swipe Network on the Swipe Wallet.
This contradicts itself. Being in cold storage should mean that it's precisely
not easily accessible via network. What's on the network is by definition a
"hot" wallet.
The website lists "coinbase | custody" and "BitGo" as custodians, which means
you not only have to trust them to but also two other services to make sure your
you not only have to trust them but also two other services to make sure your
and all the other clients' funds are being accounted for with funds in their
custody.
......
......@@ -19,7 +19,7 @@ issue:
icon: io.safepal.wallet.png
bugbounty:
verdict: nosource # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-14
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
......@@ -31,26 +31,15 @@ providerFacebook:
providerReddit:
redirect_from:
- /io.safepal.wallet/
---
On Google Play they claim
**Update 2021-04-26**: Now some months after the original review, Google finds
some things that confirms the claims of Binance "investing" in SafePal. The best
link is probably
[this article on SafePal by Binance](https://research.binance.com/en/projects/safepal).
> SafePal is one of the earliest crypto wallet brands invested and backed by
Binance
While Binance did review some SafePal hardware wallet, we can't find Binance
supporting the claim of investment. In particular, SafePal links to
[this Binance site](https://labs.binance.com/) where we find a list of
investments but no mention of SafePal.
On their website there is a whole list of "global leaders" that backed them but
here, the "Binance labs" link is a different one and
[dead](https://www.binancelabs.co/),
[this sponsor's website](https://bittemple.io/) uses a totally wrong ssl
certificate and none of the other supposed backers mentions SafePal on the
linked pages.
The app being closed source remains an issue:
> SafePal cryptocurrency wallet application is a decentralized application.
The mnemonic phrase is stored by users. SafePal does not read or store
......
---
wsId:
wsId: mw.org.freewallet
title: "Freewallet: Bitcoin & Crypto Blockchain Wallet"
altTitle:
authors:
......@@ -31,15 +31,16 @@ providerFacebook: freewallet.org
providerReddit:
redirect_from:
- /mw.org.freewallet.app/
- /posts/mw.org.freewallet.app/
---
According to the description
> In addition, the majority of cryptocurrency assets on the platform are stored in an offline vault. Your coins will be kept in cold storage with state of the art security protecting them.
> In addition, the majority of cryptocurrency assets on the platform are stored
in an offline vault. Your coins will be kept in cold storage with state of the
art security protecting them.
this is a custodial app.
This is a custodial app.
Our verdict: **not verifiable**.
---
wsId: safepal
wsId:
title: "SafePal - Crypto Wallet BTC"
altTitle:
- leo
appId: com.anbi.safepal
idd: 1449232593
released: 2019-03-01
......@@ -33,6 +33,7 @@ redirect_from:
---
This app appears to have disappeared from the App Store but
* we reviewed the [Android version](/android/io.safepal.wallet)
* their website links to
[a different wallet on the App Store](/iphone/walletapp.safepal.io), so they
......
---
wsId:
wsId: digifinex
title: "DigiFinex - Bitcoin Exchange"
altTitle:
authors:
......@@ -13,24 +13,29 @@ version: "2021.04.21"
score: 3.66667
reviews: 3
size: 370974720
developerWebsite:
developerWebsite: https://www.digifinex.com
repository:
issue:
icon: com.digifinex.app.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: custodial # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerLinkedIn:
providerFacebook:
providerReddit:
providerTwitter: DigiFinex
providerLinkedIn: digifinex-global
providerFacebook: digifinex.global
providerReddit: DigiFinex
redirect_from:
---
> DigiFinex is a world’s leading crypto finance exchange
doesn't sound like "wallet" is their primary business and as we can't find any
claims to the contrary, we have to assume this is a custodial offering and thus
**not verifiable**.
---
wsId:
wsId: dowallet
title: "DoWallet Bitcoin Wallet"
altTitle:
authors:
......@@ -18,8 +18,8 @@ repository:
issue:
icon: com.dowallet.dowallet.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: nosource # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
......@@ -34,3 +34,17 @@ redirect_from:
---
This wallet sounds like non-custodial. From their description:
> ✓ Simple account creation.
> ✓ Simplified backup and recovery with a 12 word backup phrase.
And from their website:
> We take your security and privacy seriously.
Managing your own private keys is not easy. We are here to help.
Yet we cannot find any link to their source code on Google Play or their website
or doing a [search on GitHub](https://github.com/search?q="com.dowallet").
Our verdict: This wallet is **not verifiable**.
---
wsId:
wsId: enjin
title: "Enjin: NFT Crypto Wallet"
altTitle:
authors:
......@@ -18,19 +18,59 @@ repository:
issue:
icon: com.enjin.mobile.wallet.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: nosource # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerLinkedIn:
providerFacebook:
providerReddit:
providerTwitter: enjin
providerLinkedIn: enjin
providerFacebook: enjinsocial
providerReddit: EnjinCoin
redirect_from:
---
Enjin: Blockchain & Crypto Wallet
description starts promising:
> "Your private keys are your own"
They advertise advanced securing techniques among which are:
> An extensive independent security audit and penetration test found no security
issues.
(You can read the report
[here](https://cdn.enjin.io/files/pdfs/enjin-wallet-security-audit.pdf))
But source code isn't available on [their website](https://github.com/enjin).
So the user is left with only one choice: trust.
Our verdict: **not verifiable**.
Other observations
------------------
> in-app browsing:
> "ENJOY SEAMLESS BROWSING
> Interact with any DApp with the single click of a button—without leaving the
> safety of your crypto wallet."
looks very advanced, the list of features is tremendous. also an old player:
> ABOUT ENJIN<br>
Founded in 2009 and based in Singapore, Enjin offers an ecosystem of
integrated, user-first blockchain products that enable anyone to easily
manage, explore, distribute, and integrate blockchain-based assets.
on their main page, they advertise advanced securing techniques amongst which are:
> * Custom ARM instructions ensure that sensitive data is instantly deleted from
your phone's memory.
> * Enjin Keyboard. Built from scratch to protect you from any form of data
sniffing or keyloggers.
---
wsId:
wsId: evercoin
title: "Evercoin: Bitcoin, Ripple, ETH"
altTitle:
authors:
......@@ -13,24 +13,33 @@ version: "1.9.5"
score: 4.65702
reviews: 2764
size: 63333376
developerWebsite:
developerWebsite: https://evercoin.com
repository:
issue:
icon: com.evercoinInc.evercoin.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: nosource # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerTwitter: everc0in
providerLinkedIn:
providerFacebook:
providerFacebook: evercoin
providerReddit:
redirect_from:
---
This app's description says:
> Evercoin is an integrated non-custodial wallet for managing and exchanging
cryptocurrencies.
So ... is there source code to reproduce the build?
Unfortunately there is no mention of source code anywhere. Absent source code
this app is **not verifiable**.
---
wsId:
wsId: ezdefi
title: "ezDeFi-Crypto & Bitcoin Wallet"
altTitle:
authors:
......@@ -13,24 +13,35 @@ version: "0.3.3"
score: 4.73332
reviews: 15
size: 60874752
developerWebsite: https://ezdefi.com/
developerWebsite: https://ezdefi.com
repository:
issue:
icon: com.ezdefi.nexty.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: custodial # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerTwitter: ezDeFi
providerLinkedIn:
providerFacebook:
providerFacebook: ezdefi
providerReddit:
redirect_from:
---
Features like
> By eliminating encryption phrase, new users can simply make purchases with
just a wallet password or biometric.
sound very custodial. Although this is
> A new Ez Mode [...] to make cryptocurrencies accessible to new users.
there are no explicit claims about the app being non-custodial otherwise, which
is why we have to assume it's custodial all the way and thus **not verifiable**.
......@@ -18,19 +18,38 @@ repository:
issue:
icon: com.swipe.wallet.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: custodial # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerTwitter: SwipeWallet
providerLinkedIn:
providerFacebook:
providerFacebook: Swipe
providerReddit:
redirect_from:
---
This app is a custodial offering:
> SECURE STORAGE<br>
Swipe users can have peace-of-mind knowing their assets are covered under a
$100M insurance policy with our custodian. All User deposited funds are stored
in cold storage with a trusted custodian. Having these funds in a cold storage
wallet ensures our users that their funds are safe and easily accessible
through the Swipe Network on the Swipe Wallet.
This contradicts itself. Being in cold storage should mean that it's precisely
not easily accessible via network. What's on the network is by definition a
"hot" wallet.
The website lists "coinbase | custody" and "BitGo" as custodians, which means
you not only have to trust them but also two other services to make sure your
and all the other clients' funds are being accounted for with funds in their
custody.
Anyway, this is all **not verifiable**.
---
wsId:
wsId: mw.org.freewallet
title: "Multi Crypto Wallet-Freewallet"
altTitle:
authors:
......@@ -18,19 +18,28 @@ repository:
issue:
icon: mw.org.freewallet.app.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2020-12-22
verdict: custodial # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerTwitter: freewalletorg
providerLinkedIn:
providerFacebook:
providerFacebook: freewallet.org
providerReddit:
redirect_from:
---
According to the description
> In addition, the majority of cryptocurrency assets on the platform are stored
in an offline vault. Your coins will be kept in cold storage with state of the
art security protecting them.
This is a custodial app.
Our verdict: **not verifiable**.
---
wsId:
wsId: safepal
title: "SafePal Wallet"
altTitle:
authors:
......@@ -13,19 +13,19 @@ version: "2.5.9"
score: 3.66667
reviews: 90
size: 115787776
developerWebsite: https://www.safepal.io/
developerWebsite: https://www.safepal.io
repository:
issue:
icon: walletapp.safepal.io.jpg
bugbounty:
verdict: wip # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-01-16
verdict: nosource # wip fewusers nowallet nobtc obfuscated custodial nosource nonverifiable reproducible bounty defunct
date: 2021-04-26
reviewStale: true
signer:
reviewArchive:
providerTwitter:
providerTwitter: iSafePal
providerLinkedIn:
providerFacebook:
providerReddit:
......@@ -34,3 +34,16 @@ redirect_from:
---
**Update 2021-04-26**: Now some months after the original review, Google finds
some things that confirms the claims of Binance "investing" in SafePal. The best
link is probably
[this article on SafePal by Binance](https://research.binance.com/en/projects/safepal).
The app being closed source remains an issue:
> SafePal cryptocurrency wallet application is a decentralized application.