
S5 E2: Leo Wandersleb on WalletScrutiny & Why Samourai Isn’t That Great

Leo Wandersleb is the creator of WalletScrutiny.com, a website which checks whether Android BTC wallets are open source and verifiable.

Leo Wandersleb, lead developer of the Mycelium Android wallet, has an unusual yet useful fascination with open source and verifiability. In his quest to understand how Bitcoin wallets work, he sought to take the “Don’t trust, verify” motto to its absolute limits.

Call it community service or a selfish attempt to analyze Mycelium’s competition, but his website WalletScrutiny.com is an incredible resource for better understanding how some of the most popular mobile wallets in the Google Play Store (Android) work.

In a nutshell, WalletScrutiny tries to answer the question “How likely is it that the developers of this wallet are malevolent and can steal my bitcoins with sneaky code inserts?”

To determine the quality and security of mobile wallets, Leo Wandersleb has created a 3-step process:

  1. First he looks at the custodianship of the wallet. If users manage their own private keys and don’t have to trust a third party, the wallet is non-custodial and therefore better for financial sovereignty.
  2. Then he checks whether the wallet is open source. If there is a public repository which contains all the files that make up the app you download from the Google Play Store, the security potential of the wallet is greater. However, open source does not always mean secure or properly audited.
  3. Finally, he compiles the app from the source code to see whether the result matches what you can download from the Google Play Store. Sometimes the repositories are not properly maintained and significant differences can be found, which is a red flag: the developers are either negligent or have something to hide in their releases.
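The third step is the one that separates “verifiable” from merely “open source”: a build from the public repository has to match the Play Store binary, minus the publisher’s signature that nobody else can reproduce. The script below is an added illustration of that comparison, not WalletScrutiny’s own tooling: it treats an APK as the zip archive it is, hashes every entry outside `META-INF/` (where the signature lives), and reports entries that differ, that only ship in the store build, or that only appear in the local build. The two “APKs” it compares are constructed inline with made-up contents; a real check would feed in the downloaded and locally built files, and would still need a reproducible toolchain (pinned compiler, no embedded build timestamps) to get a clean diff.

```python
from __future__ import annotations

import hashlib
import io
import zipfile

# Entries under META-INF/ carry the publisher's signature, which a third
# party rebuilding from source cannot reproduce, so they are left out of
# the comparison.
SIGNATURE_PREFIX = "META-INF/"


def entry_digests(apk_bytes: bytes) -> dict[str, str]:
    """Map each non-signature entry of an APK (a zip file) to its SHA-256."""
    digests: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNATURE_PREFIX):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(store_apk: bytes, built_apk: bytes) -> dict[str, list[str]]:
    """Report what separates the store binary from the local build.

    Keys: entries only in the store build, entries only in the local build,
    and entries present in both whose contents differ.
    """
    store, built = entry_digests(store_apk), entry_digests(built_apk)
    common = store.keys() & built.keys()
    return {
        "only_in_store": sorted(set(store) - set(built)),
        "only_in_build": sorted(set(built) - set(store)),
        "differing": sorted(name for name in common if store[name] != built[name]),
    }


def is_reproducible(store_apk: bytes, built_apk: bytes) -> bool:
    """True only when nothing outside the signature block differs."""
    return not any(compare_apks(store_apk, built_apk).values())


def make_apk(entries: dict[str, bytes]) -> bytes:
    """Build a minimal zip standing in for an APK (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives. The store copy is signed (META-INF entries);
# the local build is not. classes.dex is where compiled app code lives, so
# it is the entry a hidden code insert would change.
STORE_APK = make_apk({
    "AndroidManifest.xml": b"<manifest package='example.wallet'/>",
    "classes.dex": b"dex\n035\x00 honest wallet code",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0",
    "META-INF/CERT.RSA": b"publisher signature blob",
})
HONEST_BUILD = make_apk({
    "AndroidManifest.xml": b"<manifest package='example.wallet'/>",
    "classes.dex": b"dex\n035\x00 honest wallet code",
})
# A store build whose code does not match the repository and which ships an
# extra asset the public source never contained.
MISMATCHED_STORE_APK = make_apk({
    "AndroidManifest.xml": b"<manifest package='example.wallet'/>",
    "classes.dex": b"dex\n035\x00 code that is not in the repo",
    "assets/extra.bin": b"file the public repository never shipped",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0",
    "META-INF/CERT.RSA": b"publisher signature blob",
})

if __name__ == "__main__":
    print("signed store build vs honest rebuild:",
          compare_apks(STORE_APK, HONEST_BUILD))
    print("mismatched store build vs honest rebuild:",
          compare_apks(MISMATCHED_STORE_APK, HONEST_BUILD))
```

Running it shows an empty report for the first pair (the only differences are the skipped signature files) and, for the second pair, `classes.dex` under `differing` plus `assets/extra.bin` under `only_in_store`: exactly the kind of finding that moves a wallet from “verifiable” to “not verifiable” on the site.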

Based on this process, Wandersleb sorts Android BTC wallets into 4 categories:

  • custodial (Coinbase, Abra, Xapo, Luno, Bitrefill, Wallet of Satoshi);
  • closed source (Coinomi, Trust, Jaxx, Guarda, BitPie, Magnum);
  • open source but not verifiable (Blockchain, BRD, BitPay, Edge, Samourai, Blue, Phoenix, Zap, Lightning Labs);
  • verifiable (Blockstream Green, ABCore, Schildbach, Airgap Vault).

This episode offers more details about various wallets and their review process, and a significant amount of time is dedicated to discussions about Samourai Wallet, a popular privacy-focused Bitcoin wallet which fails the verifiability test despite multiple requests to publish the necessary code.

Listen to Leo Wandersleb on iTunes & Spotify!


Time Stamps:

00:46 – Introduction
02:15 – Categorization of mobile wallets on WalletScrutiny.com
03:50 – What verifiability means for wallets, and why verifiable does not mean verified
06:40 – Why verifiability matters to make sure that the wallet developers are not hacking you
09:40 – Which wallets are listed as verifiable on WalletScrutiny.com?
12:20 – Why Coinomi wallet is not open source
13:05 – Coinbase is custodial and should be avoided
15:21 – Some of the most popular mobile wallets also happen to be the worst
18:25 – Wallets that are popular, open-source, but not verifiable
19:08 – Samourai Wallet is not verifiable
22:10 – How reproducibility works at Mycelium to prevent abuses by release managers
24:20 – More arguments against Samourai
29:20 – Android’s interesting security
31:27 – Google Play vs F-Droid
33:55 – What about iOS wallets, are they verifiable?
35:20 – Blockstream Green and why it’s great
37:20 – Coinbase vs Samourai for the average user
40:30 – Why it’s better to be careful with mobile wallet updates
45:40 – In the “Don’t trust, verify” issue, what can the average user actually verify?
48:40 – Leo fails at marketing his own project
50:40 – Why builders are the best
51:10 – Companies exploiting the ignorance of newbies
53:00 – Satoshi was honest about Bitcoin’s limitations
55:30 – Why Mycelium’s iOS wallet is terrible and not recommended, but the Android version is better
59:10 – Mycelium vs Blockstream Green
1:00:30 – Collecting fees from routing Lightning Network transactions
1:02:48 – Lightning Network Routing
1:06:00 – Best mobile wallet for ease of use and open source verifiability
1:09:00 – WalletScrutiny.com and its methodology
1:10:30 – How much does reputation matter in the Bitcoin space?

Donate to Bitcoin Takeover!

3MZa7eVYg8h23fSZVEJVqu9DSukmfUS1Zp

50% of the satoshis sent to this address will be donated to BTCPay Server development, so that we can truly make BitPay obsolete by having the best and most user-friendly payment processor.

