Closed BETA started! The only one secure iOS Bitcoin wallet that really works. - page 2.

olsn

newbie

Activity: 55

Merit: 0

Quote

1. Plain text. Have to clarify, Will update you asap.
Updated: WE use most secure approach for this module. If somebody will ever get your password (which we really doubt), he wont pass the next step of profile installation anyway. But we have even one more layer - it is your 4 digit protection code.

My concern was not someone logging into this app but saving innocent users. As you probably know MANY users have the same password for a lot of services. Now I don't want to say that this is good, but fact is that there are users out there who do it (many of them) - If you hash the password on the client with a salt before sending it anywhere you can make sure that just in case someone gets the hash they won't be able to do anything with it. Plus you cannot be accused of phishing passwords. Plus you are building more trust...

Device-Specific Profile:
What happens if I loose my device, it breaks or gets stolen? How will I be able to access the wallet?

And a question on the pricing: Will this service every cost anything? If so - what price-tag/subscription-model are you aiming for?

fruitwallet

member

Activity: 102

Merit: 10

wow. best news

raskul

sr. member

Activity: 434

Merit: 250

Quote from: raskul on March 14, 2014, 09:07:43 AM

Quote from: fruitwallet on March 14, 2014, 09:05:40 AM

raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.

yup, for sure... i've tried it many times, take photo - use photo - at different distances from the qr code I want to send to and it just doesn't import the bitcoin address... Undecided

OK now it has worked. not sure why it wasn't working before, but it's working now.
thanks

raskul

sr. member

Activity: 434

Merit: 250

Quote from: fruitwallet on March 14, 2014, 09:05:40 AM

raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.

yup, for sure... i've tried it many times, take photo - use photo - at different distances from the qr code I want to send to and it just doesn't import the bitcoin address... Undecided

fruitwallet

member

Activity: 102

Merit: 10

raskul, there should be button "use" just after you take a photo. I tested on 5c, 5, 4 iphones and iPad 2. Are you sure the photo quality is quite good? That is extremely important for us to understand the problem.
We won't like to add additional services to the app, it can influence security badly.

raskul

sr. member

Activity: 434

Merit: 250

Quote from: fruitwallet on March 14, 2014, 08:51:37 AM

Scan QR works for us. Steps - 1. take photo, 2. click use. Result: it shows you the address, photo is not saved to gallery. Please explain.

Nope, I tried this but it is not importing the address for me.

Quote from: fruitwallet on March 14, 2014, 08:51:37 AM

Raskul,
"and every time i try to send coins from it, it asks to install the profile. this needs fixed also." Did I answer your question? It is just for your security.

yes thanks. just the qr scanning query which needs addressing now. take photo - yes, bitcoin address import - no.

fruitwallet

member

Activity: 102

Merit: 10

Answering all the questions.

1. Plain text. Have to clarify, Will update you asap.
Updated: WE use most secure approach for this module. If somebody will ever get your password (which we really doubt), he wont pass the next step of profile installation anyway. But we have even one more layer - it is your 4 digit protection code.

2. Profile is needed to tie your wallet to device. It ties when you do it first time. When sending bitcoins - it asks for profile to CHECK if it is REALLY your phone. This way we protect your send transactions.

3. This Profile feature is supported with Safari. Only safari as we discovered so far.
We didn't find 100% secure way for Android yet. We can do it theoretically, but we want to be 100% sure, your BTC are safe.

Scan QR works for us. Steps - 1. take photo, 2. click use. Result: it shows you the address, photo is not saved to gallery. Please explain.

Anymore questions guys?

Raskul,
"and every time i try to send coins from it, it asks to install the profile. this needs fixed also." Did I answer your question? It is just for your security.

devthedev

legendary

Activity: 1050

Merit: 1004

Will this ever be ported to Android? There's not too many decent wallets.

raskul

sr. member

Activity: 434

Merit: 250

and every time i try to send coins from it, it asks to install the profile. this needs fixed also.

raskul

sr. member

Activity: 434

Merit: 250

OK, another issue I found.. the scan-qr function doesn't work, it simply asks my iphone to take a photo, you need to build a qr-scanner into it. This is essential.

olsn

newbie

Activity: 55

Merit: 0

Hi - I have not tested the app on my iOS device yet (only on my computer with a spoofed user agent)

I have three questions though:

1) Why is my password being sent in plain? - I know you do have an SSL-connection setup, but how do we know that your service won't fish for passwords? - Worst case scenario here is that passwords are saved in plain in the db or with a symetric key.
-> It'd be more secure if noone knew my password but just a salted hash.

2) What is the specific reason for the OTA Profile Enrollment? Why do you need the UUID ect.?

3) What is proprietary about iOS devices/mobile safari that couldn't be done with other mobile browsers? (Or in short: Why is it iOS only and not Android as well?)

Besides that grats to the app so far.

raskul

sr. member

Activity: 434

Merit: 250

Quote from: fruitwallet on March 14, 2014, 07:43:41 AM

done! sorry for inconvenience. Wink

not a problem. just waiting on him re-installing so I can send him some coins.

fruitwallet

member

Activity: 102

Merit: 10

done! sorry for inconvenience. Wink

raskul

sr. member

Activity: 434

Merit: 250

yes, one of those is my bro in law

i've let him know, and also directed him to this thread.
can you remove the names above in the post now please^^

thanks.

fruitwallet

member

Activity: 102

Merit: 10

2 e-mails were suddenly redirected to BETA.fruitwallet.com which is using not real bitcoins.

These are:
jos****@******
ro*******@******

If your brother is one of them, pls ask him to register at fruitwallet.com
We shut beta.fruitwallet.com down for now.

Issue resolved.
Thanks for help.

raskul

sr. member

Activity: 434

Merit: 250

Quote from: fruitwallet on March 14, 2014, 07:20:53 AM

yep, pls wait few minutes.

OK, let me know and I can relay the message to him.

fruitwallet

member

Activity: 102

Merit: 10

yep, pls wait few minutes.
Updated.
for some reason account was created at beta.fruitwallet.com Sad

Will resolve asap.

raskul

sr. member

Activity: 434

Merit: 250

we may have some teething problems;

my brother in law has installed fruitwallet, and has sent me a request to send him some coins.
BUT - the address he sent me, via the fruitwallet app;

Please send bitcoins to

mrs61q1DPwScASkKzd2LCdHZyS17V9evRg

clearly, this is wrong... can you investigate the issue and let me know please?

fruitwallet

member

Activity: 102

Merit: 10

Confirmation from my side.
https://www.dropbox.com/s/kgq0gbfwwl65dfe/Screen%20Shot%202014-03-14%20.png

raskul

sr. member

Activity: 434

Merit: 250

test BTC confirmed. Grin

Topic: Closed BETA started! The only one secure iOS Bitcoin wallet that really works. - page 2. (Read 5022 times)