A much better method is https://bitcoinbinary.org/
Bitcoin Binary covers a very limited set of applications: https://github.com/coinkite/bitcoinbinary.org
Was useless anyways and full of shitcoineries.
They reviewed Android wallets. Many Android wallets are not bitcoin-only. So yes, many of the reviews were for Android wallets that had support for shitcoins in addition to bitcoin.
Of the small handful of Android wallets on the site that were found to be "reproducible" nearly all were bitcoin-only (e.g., Electrum, Blockstream Green, SBW (before its fork to OBW, ... great blog post, BTW)).
What I could not understand is why the authors of Android wallet apps that were not deemed reproducible from the source (such as Nvk, creator of BitcoinBinary.org) didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced. BlueWallet was another -- if the app binary truly could be reproduced from the sources, why not simply point out the missed step or whatever gap existed where Wallet Scrutiny was unable to reproduce the binary solely from the source code?
Without the ability to reproduce the binary from the source, that means the binary could be doing stuff that nobody would know -- including uploading your keys to the mother ship. Was BlueWallet doing that? I doubt it. Do I know for sure? No -- because there was no proof that the binary .apk on Google Play was created from the source code from their repo.
What good is saying "I control my keys" when you use a wallet app and you truly cannot say "I control my keys" because you simply cannot tell what the .apk binary truly is doing with your keys?
Wallet Scrutiny is a net gain.
> didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced.
Because the wallet scrutiny guys requested money in order to scrutinize the app....
The lady doth protest too much, methinks
I saw a post on Upwork from them once. Asking for money is not a problem; these things don't review themselves, and the time of people with the skills to go through these procedures is valuable. It all comes down to how much.
If it was enough to pay for 10 to 20 hours of a devops specialist, that is fine; if it was something like 50K, that would be odd.
Shows that NVK's ColdCard was tested as of six months ago and still not reproducible.