Auto-update
Auto-update can be a controversial feature. I expressed the same reservation about Bitcoin Wallet for Android, as efficient update mechanisms can allow one developer to efficiently issue malicious updates (it can be against their will). So there's a similar level of trust needed here as with a centralized service.
So I was wondering if Sparkle allows users to refuse updates, or if everything is done in the background without the user's consent. If you have some mechanisms that allow updates to be deployed progressively, etc.
In the worst case scenario, a little warning box similar to the one of blockchain.info & Electrum could be used, so this isn't a blocking issue.
Sparkle does allow users to refuse updates, but unless the attacker was especially careless, the average user would never be able to tell the difference between a malicious update and a legitimate one anyway.
The truth is, we need more information. We've read about Evilgrade and other such exploits, but this is by no means an area of expertise of the present team. The benefits of auto-update are very great indeed, so let's figure this out together.
From addresses
I see that the GUI shows parts of the From: Bitcoin addresses. Are these "clickable"? Generally speaking, the consensus seems to be that allowing users to (easily) see and use "From addresses" doesn't make sense, as users shouldn't be tempted to send money to these addresses (and lose money if these addresses are no longer owned by anyone).
They are not clickable. There was a consideration for them to work as you describe, but then we read the same stuff you probably read and came to the same conclusions.
Testing / maturity
Perhaps it would be good to wait until Hive is stable, and has been used by many users for at least one month to be sure the app is working correctly? I think no other app or service on bitcoin.org has been pushed until it had some history behind it.
We couldn't agree more.
Also, as a more general thought, while very friendly, I don't know if "address books" are likely to make sense in the future. In general, reusing addresses is discouraged both for privacy and security reasons. However, concretely, most wallets still have address books and generally are poorly designed to provide a friendly alternative. Perhaps the future will only be "clickable / scannable / wireless" payment requests, or some kind of "deterministic changing addresses", or maybe some wallets will just keep using address books, I don't know.
Perhaps you are right, but we are probably not going to blaze that particular trail ourselves. We feel that what we have provided is appropriate for the time being, but if patterns and best practices change, we will be right there with all of you.
Thanks for your interest and kind words, blockgenesis!