Topic: Do beginners know what closed & open source wallets are? (Read 650 times)

I read some guide posts about custodial vs. non-custodial wallets but only a few about open vs. closed source. I often read them brought up by other users in the comments. I think many beginners don't have the slightest idea about the difference between closed and open source yet. I don't claim to be an expert on this but I will try to highlight that in this post based on what I understand so far.

Can you edit the OP.  Trustwallet iOS is no more open source. It is a close source wallet.

**some evidence suggest that it is not open source anymore.

Open source: Huge advantage over closed source is there are more people who can check the codes for any bugs or malwares. The more eyes to inspect, the faster it is to find and fix any vulnerabilities. The wallet becomes more secure to store funds. There is also no need to put trust to a few developers and this idea truly supports decentralization too.

Example of non-custodial and open source mobile wallets:
- Electrum
- MyCelium
- Bread Wallet
- Trust Wallet (IOS) **

the looks of the wallet can also be different, even the logo. a user that downloads such malicious wallets doesn't pay attention to those differences either, even if they do it would look like the new version's new looks.

Exactly, having the source code open doesn't guarantee that the files you download from app stores are the same. And even if they are, it's not guaranteed that the source code was inspected by someone who knows what to look for.

One of the major reasons for closing the source were fake or cloned apps being distributed on the app store. Even in case of "benign" clones, their developers would keep all support links and the official logos and branding. We cannot provide support for modified versions, and both malicious and poorly implemented "benign" clones were having a negative effect on our image and ability to provide quality support for users.

That doesn't answer the question of why it isn't open source? Why, if it was open source, did you decide to close it? You say it was a tough decision, so there must of been lots of factors you considered. What were they?

I'm sure you will always have lots of users, but serious users on this forum are never going to use and never going to recommend closed source software.

Small warning: Being on Github does not mean that wallet is open source and therefore safe. Unless you check each line in the wallet code or trust that there are sufficient developers who have checked each line with the code, there is no difference between the open and closed wallets.

Many scammers give a false sense of security by inserting part of the code "compressed on Github" or uploading unverified/recent files.

Always check wallet reviews before downloading it.

Are you saying that the IOS version of trust wallet is open source while the Android version is closed source?

I read some guide posts about custodial vs. non-custodial wallets but only a few about open vs. closed source. I often read them brought up by other users in the comments. I think many beginners don't have the slightest idea about the difference between closed and open source yet. I don't claim to be an expert on this but I will try to highlight that in this post based on what I understand so far.

Closed source: Since nobody else knows the codes except the developers, it is mainly them who can check the wallet for any bug or other vulnerabilities. I'm not sure how many are they but their number is surely fewer than the devs monitoring open source wallets. If a hacker finds a malware, it could probably take them longer time to fix that. The longer the time, the greater the risks to the funds of users.  

Another factor is you have to completely trust or at least highly trust the team. I think being a "trust-based" wallet alone is a potential red flag already and you should think carefully before using them. Why? The developers can do a lot of changes in the wallet. I can't remember who said this but here's an example, the developers can ask you to pass KYC verification before you can access your funds again. That sounds crazy and the chances of that happening are low but it is still a possibility.

Non-custodial mobile wallets used by many beginners today are probably unaware that they are closed source. Here are some of them:
- Coinomi
- Exodus
- Enjin
- Jaxx
- Trust Wallet (Android)


Open source: Huge advantage over closed source is there are more people who can check the codes for any bugs or malwares. The more eyes to inspect, the faster it is to find and fix any vulnerabilities. The wallet becomes more secure to store funds. There is also no need to put trust to a few developers and this idea truly supports decentralization too.

Example of non-custodial and open source mobile wallets:
- Electrum
- MyCelium
- Bread Wallet
- Trust Wallet (IOS)


I am sure there are similar or differing opinions from the pro users here and I would like to hear them.
Please share your thoughts, add more, or rectify if you see something inaccurate in my post.  


P.S.
I'm not promoting any of the above-mentioned wallets. If you want to use any of them, please do it at your own discretion.

Example of non-custodial and open source mobile wallets:
- Electrum
- MyCelium
- Bread Wallet
- Trust Wallet (IOS)

Coinomi was open source years ago and we had to make the tough decision of closing it. The developers still contribute to several open source projects. Reopening the source is not completely out of the question, but it's not a simple decision to make either.

Regardless of the outcome of this particular issue, it doesn't address the wider problem, in that your wallet is still closed source. Even if Google didn't have access to the seed as you state (which again, because they are closed source, we will never know), the issue is that they could have. All users of Coinomi have to have complete trust in both your programming skills and your honesty.

The oft repeated mantra of "Don't trust. Verify." is apt here. With closed source software, it is impossible to verify, and you are forced to trust. Why will you not transition to open source?

Hey, great article.

I would like to add another wallet to the OpenSource wallets list, the name is Atomic Wallet.

i have been using this wallet in the past months and is the best one i have ever seen. It has features like swap, buy cryptos, staking, and multiple coins and tokens wallet... So far so good, and i think it deserve a mention in this thread.

You can read the forensic analysis here regarding this spelling error issue you are referring to: https://twitter.com/kimionis/status/1131945228506738688

hehe Coinomi was already doing the second part. it was sending the seed to their servers to be "checked" for spelling errors, etc. and it is closed source so there isn't that much information about what the hell was going on really. all we know was that it communicated the mnemonic with a server and the devs were evasive about it.