Was useless anyways and full of shitcoineries. A much better method is https://bitcoinbinary.org/ - open source and no crap shitcoines and DMCA
reply
A much better method is https://bitcoinbinary.org/ -
Bitcoin Binary covers a very limited set of applications: https://github.com/coinkite/bitcoinbinary.org
Was useless anyways and full of shitcoineries.
They reviewed Android wallets. Many Android wallets are not bitcoin-only. So yes, many of the reviews were for Android wallets that had support for shitcoins in addition to bitcoin.
Of the small handful of Android wallets on the site that were found to be "reproducible" nearly all were bitcoin-only (e.g., Electrum, Blockstream Green, SBW (before its fork to OBW, ... great blog post, BTW)).
What I could not understand is why the authors of Android wallet apps that were not deemed reproducible from the source (such as Nvk, creator of BitcoinBinary.org) didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced. BlueWallet was another -- if the app binary truly could be reproduced from the sources, why not simply point out the missed step or whatever gap existed where Wallet Scrutiny was unable to reproduce the binary solely from the source code.
Without the ability to reproduce the binary from the source, that means the binary could be doing stuff that nobody would know -- including uploading your keys to the mother ship. Was BlueWallet doing that? I doubt it. Do I know for sure? No -- because there was no proof that the binary .apk on Google Play was created from the source code from their repo.
What good does saying "I control my keys" when you use a wallet app and you truly cannot say "I control my keys" because you simply cannot tell what the .apk binary truly is doing with your keys.
Wallet Scrutiny is a net gain.
reply
didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced.
Because the wallet scrutiny guys requested money in order to scrutinize the app....
reply
The lady doth protest too much, methinks
reply
I saw post on upwork from them once. Asking for money is not a problem, these things don't review themselves and the time for people with the skills to go through these procedures is valuable. It all comes down to how much.
If it was enough to pay for 10 to 20 hours of a devops specialist is fine, if it was something like 50K that would be odd.
reply
Shows that NVK's ColdCard was tested as of six months ago and still not reproducible.
deleted by author
reply
Looks like they their domain is with namecheap.
whois walletscrutiny.com [Querying whois.verisign-grs.com] [Redirected to whois.namecheap.com] [Querying whois.namecheap.com] [whois.namecheap.com]
reply
They aren't running anonymously, nor pseudonymously.
Here's the founder: https://gitlab.com/Giszmo
Leo has been on a number of podcasts and such. He's still active with the WalletScrutiny project, (e.g., his review of a fix that will let WalletScrutiny be able to, finally, build BlueWallet in a way that it passes as "verifiable"), but I see nostr-related things appear to be his recent area of focus.
reply
anyone has a clue of what custodial service that might be?
reply
Could be almost any exchange that has a mobile app and shows a balance for the users's bitcoin.
Would be good for Wallet Scrutiny to name and shame though.
reply
Related:
Does anyone know why Wallet Scrutiny can't reproduce Coldcard builds? #197441
reply