Do you offer a bare-bones open source client? I currently have no way of telling whether the private keys are being shared with your servers or whether they are only stored locally on my phone.
I'd be interested in knowing this too
I also don't see any options to back up my private keys.
What happens if I lose my phone?
This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key.
Can you put more detail on how this is secure:
- How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part