Not privacy; that's another session
It reads the blockchain for balance & transactions
Has a connection to a blockchain node
If you send a tx, you sign the tx with your privkey, then send it to the node
sendrawtransaction || send
In theory the seed never leaves device. You only sign
Easypeasy.
1. what is a cryptocurrency wallet and how does it work?
SECURITY RISKS 1
App: Open source or closed source?
What could be risks?
SECURITY RISKS 2
App components
External resources: Cross App Scripting
For example: fonts
Seed generation
Too simple seeds?
Use real randomness
Where is the seed stored?
App data is in cloud storage of apps: iCloud and Google Backup
Seed encryption -> use IMEI + PIN, but still brute-forceable.
domain spoofing
DNS spoof -> refer to malicious website
WiFi spoof -> redirect (WIMA)
Server hack -> fake website
losing phone -> people could access funds
key / touch logger -> key mitigation
event stream package.
Copay. malicious packages.
code auditing
+ hashing
keyboard.
spell check