Introducing the NxtVault - Secure account management for Android devices! Beta

Author Topic: Introducing the NxtVault - Secure account management for Android devices! Beta  (Read 41389 times)

Cassius

  • Hero Member
  • *****
  • Karma: +207/-18
  • Offline Offline
  • Posts: 2459
  • Rather be a pirate than join the navy
    • View Profile

My phone says Android version 4.3, so yes, Jelly Bean. Guess that explains it. I'll just have to be careful with sending txs.
Logged
I head up content for BitScan, crypto business hub.

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt

@Cassius the nxt today android application has support for broadcasting vapor transactions

I pushed the new fix to jay last night, so now mr_e needs to move some changes to nxtvault. The new version should be right up your alley because it allows for signed tx bytes to be parsed in the same way as TX_ codes before they are broadcasted. It also allows for unsigned transaction bytes to be easily used as well.

Longzai pushed a fix to the jay client for changing the NQT to nxt on ae orders, but the fix requires requests to be made outside of jay, so it's an opt in service.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

Cassius

  • Hero Member
  • *****
  • Karma: +207/-18
  • Offline Offline
  • Posts: 2459
  • Rather be a pirate than join the navy
    • View Profile

That's awesome, thanks. Super safe transactions.
Logged
I head up content for BitScan, crypto business hub.

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

Good news, I've finally been able to resolve this jelly bean error. It was a real doozy... supporting older devices while interoping through to javascript has turned out to be a real pain in the ass:(
Unfortunately, because of this I have realized I will never be able to support any devices lower than API 15 V4.0.3.

Should be posting a new build tomorrow with a fix for this issue, as well as new features: scan cold storage(vapor) tx and mgw tx support.

For anyone interested all new code goes to develop branch and then is merged into master when I deploy new version. Master branch should always reflect code as it stands in Google Play.
« Last Edit: July 01, 2015, 05:09:57 am by _mr_e »
Logged

CryptKeeper

  • Hero Member
  • *****
  • Karma: +78/-5
  • Offline Offline
  • Posts: 1235
    • View Profile

Funny you should post that, because I've just bought an old Huawei Ascend mobile for the purpose of using with NxtVault. I bought it 10 mins ago and it runs.... Jelly Bean :)

One thing I was thinking about, _mr_e: would it be worth including a routine to periodically clear the phone's clipboard? Say, every 3 seconds that NxtVault is running it could either wipe the clipboard or pipe something into the clipboard, like "--cleared by NxtVault--". Would this be a valuable addition?

Lucky you!  ;D

For people with smartphones running an older stock version of android it could be a solution to install a modded firmware:

http://www.cyanogenmod.org/
Logged
Follow me on twitter for the latest news on bitcoin and altcoins!
Vanity Accounts Sale :-)

barbierir

  • Sr. Member
  • ****
  • Karma: +36/-2
  • Offline Offline
  • Posts: 316
    • View Profile

My phone runs android 2.6, so I'm going to buy a more recent one in order to try NxtVault and other apps. I still have two questions in mind:

1. How secure is an unrooted Android phone, really? Couldn't someone find an exploit one day? Maybe I'm too paranoid but I really don't know enough about it. I suppose it's better to have a dedicated phone for NxtVault, not for everyday use and without other apps installed.

2. Is it planned to further develop Jay and NxtVault in order to make offline signing completely air-gapped? I mean something like I sketched here:


regards
Logged

Irontiga

  • Full Member
  • ***
  • Karma: +9/-4
  • Offline Offline
  • Posts: 123
    • View Profile
    • burstcoin.info

_mr_e knows more about security of Android OS than I do. From what I remember he said that the sandboxing on an unrooted phone with standard firmware was secure: no app can access another app's storage.

The other thing, as you rightly state, is that having a cheap phone only for Nxt transactions means that there's no need to have a load of apps on there anyway. In theory you could factory reset the phone and just install NxtVault. You could also disconnect it from the Internet while not in use if you wanted.

I was going to buy a Moto E because they come with a plain version of Android without any bloatware but thought it was too much money just for signing transactions, so that's why I went for a cheap Huawei.

Actually, I spoke to a really smart dev, as long as you are running super su or some root control app, your phone remains just as secure as before. Well, unless super su or whatever goes rogue, but you can just disable auto update, so no problemo. And BTW, most phones running pre 4.0, probably won't have good official cyanogenmod support, so it's best to just have a google and a look around on xda
Logged
NXT-S27N-JBGA-J8QD-AMAT8

Irontiga

  • Full Member
  • ***
  • Karma: +9/-4
  • Offline Offline
  • Posts: 123
    • View Profile
    • burstcoin.info

Yep. I use SuperSU and I can grant and deny root apps individually. I don't actually have any games or loads of apps on my daily phone: mainly podcast, tapatalk and music.

I guess there are two other reasons that I wanted a dedicated signing phone:

1. I can't forget or "just try an app out" in the future, only to find out as soon as I've granted it root privileges that it was dodgy. Human error is responsible for a lot of mistakes. Even if you forget and install an app for a couple of minutes to see what it's like that could be the end of your NXT. I'm probably being paranoid, but it's a possibility.

2. I must have lost about four phones before, so keeping one at home just for signing makes sense. I haven't been burgled as many times as I have lost a phone.

I think that on the newest versions you can set selective root permissions....or maybe that's another root control app, idk

And i don't lose phones....i generally just drive over them ;P
Logged
NXT-S27N-JBGA-J8QD-AMAT8

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

One thing I was thinking about, _mr_e: would it be worth including a routine to periodically clear the phone's clipboard? Say, every 3 seconds that NxtVault is running it could either wipe the clipboard or pipe something into the clipboard, like "--cleared by NxtVault--". Would this be a valuable addition?

Not sure what the point of this would be other than annoying users. NxtVault does not use the clipboard for anything (other than tapping on your account or public key to copy) sensitive so I don't know why it should bother to clear the clipboard. I would not suggest ever copying your passphrase to the clipboard since this can be accessed by other applications.
Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

My phone runs android 2.6, so I'm going to buy a more recent one in order to try NxtVault and other apps. I still have two questions in mind:

1. How secure is an unrooted Android phone, really? Couldn't someone find an exploit one day? Maybe I'm too paranoid but I really don't know enough about it. I suppose it's better to have a dedicated phone for NxtVault, not for everyday use and without other apps installed.

2. Is it planned to further develop Jay and NxtVault in order to make offline signing completely air-gapped? I mean something like I sketched here:


regards

Future versions of android will allow for you to disable certain permissions. I will probably wait for that before implementing this feature. What I will do is that if internet permission is disabled, I will display qr of signed bytes instead, which can then be scanned and broadcast by a second device with internet permission.
Logged
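The posts above describe parsing signed transaction bytes before they are broadcast and handing them from an offline signer to an online device by QR code. The following is an added example, not NxtVault or Jay code, of the check the broadcasting device can run on what it scanned. It assumes the online device prepared the unsigned bytes itself and that transaction bytes follow the Nxt layout (little-endian, 64-byte signature at offset 96); the key, recipient and signature values are constructed placeholders.

```javascript
// Added example. Offsets assume the Nxt transaction byte layout (little-endian,
// 64-byte signature at offset 96); they are not taken from this thread.
const SIG_OFFSET = 96, SIG_LEN = 64;

function parseTxBytes(hex) {
  if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new Error('not a hex string');
  const b = Buffer.from(hex, 'hex');
  if (b.length < SIG_OFFSET + SIG_LEN) throw new Error('too short for a transaction');
  return {
    type: b.readUInt8(0),
    subtype: b.readUInt8(1) & 0x0f,
    deadline: b.readUInt16LE(6),
    senderPublicKey: b.subarray(8, 40).toString('hex'),
    recipient: b.readBigUInt64LE(40),
    amountNQT: b.readBigInt64LE(48),
    feeNQT: b.readBigInt64LE(56),
    signed: b.subarray(SIG_OFFSET, SIG_OFFSET + SIG_LEN).some((x) => x !== 0),
    raw: b,
  };
}

// Compare what was scanned from the signing device with the bytes the online
// device prepared: only the signature field is allowed to differ.
function checkBeforeBroadcast(unsignedHex, signedHex) {
  const u = parseTxBytes(unsignedHex), s = parseTxBytes(signedHex);
  const problems = [];
  if (u.signed) problems.push('prepared bytes already carry a signature');
  if (!s.signed) problems.push('scanned bytes are unsigned');
  const masked = Buffer.from(s.raw);
  masked.fill(0, SIG_OFFSET, SIG_OFFSET + SIG_LEN);
  if (!masked.equals(u.raw)) problems.push('fields outside the signature differ');
  return { ok: problems.length === 0, problems, tx: s };
}

// Constructed sample: 1 NXT payment, 1 NXT fee, made-up key and recipient.
function sampleUnsigned() {
  const b = Buffer.alloc(176);
  b.writeUInt8(0, 0); b.writeUInt8(0x10, 1);      // payment, version 1
  b.writeUInt32LE(50000000, 2); b.writeUInt16LE(1440, 6);
  b.fill(0x11, 8, 40);                            // placeholder public key
  b.writeBigUInt64LE(1234567890123456789n, 40);
  b.writeBigInt64LE(100000000n, 48); b.writeBigInt64LE(100000000n, 56);
  return b;
}

const unsigned = sampleUnsigned();
const signed = Buffer.from(unsigned); signed.fill(0xab, SIG_OFFSET, SIG_OFFSET + SIG_LEN); // placeholder signature
const tampered = Buffer.from(signed); tampered.writeBigInt64LE(900000000n, 48);
console.log(checkBeforeBroadcast(unsigned.toString('hex'), signed.toString('hex')).ok);   // true
console.log(checkBeforeBroadcast(unsigned.toString('hex'), tampered.toString('hex')).problems);
```

The check only confirms that the signer returned the transaction that was prepared; it does not verify the signature itself, which the receiving node does on broadcast.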

TallSmile

  • Jr. Member
  • **
  • Karma: +1/-1
  • Offline Offline
  • Posts: 23
    • View Profile

I noticed that NXT vault uses the system keyboard for pin and spending password. Is that secure? My other apps such as lastpass and circle that require pin for login use an app-specific keyboard for this function.
Logged
NXT-EAPU-76MK-2FF6-FKDFY

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

_mr_e knows more about security of Android OS than I do. From what I remember he said that the sandboxing on an unrooted phone with standard firmware was secure: no app can access another app's storage.

The other thing, as you rightly state, is that having a cheap phone only for Nxt transactions means that there's no need to have a load of apps on there anyway. In theory you could factory reset the phone and just install NxtVault. You could also disconnect it from the Internet while not in use if you wanted.

I was going to buy a Moto E because they come with a plain version of Android without any bloatware but thought it was too much money just for signing transactions, so that's why I went for a cheap Huawei.

Actually, I spoke to a really smart dev, as long as you are running super su or some root control app, your phone remains just as secure as before. Well, unless super su or whatever goes rogue, but you can just disable auto update, so no problemo. And BTW, most phones running pre 4.0, probably won't have good official cyanogenmod support, so it's best to just have a google and a look around on xda

You're probably right, chances are high you'd be fine, especially today. But if this app gets more widespread use it could definitely be targeted by apps you've given root permissions to.
Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

I noticed that NXT vault uses the system keyboard for pin and spending password. Is that secure? My other apps such as lastpass and circle that require pin for login use an app-specific keyboard for this function.

While most well known keyboards should respect the "password" field and not store or upload what you type into such a field, you are right, this is a possible risk. I have wanted to create a custom keyboard; however, this is a big undertaking and I have just not had the time. Does anyone know of a good open source in-app keyboard? Also more than happy to take a pull request around this.

If you are paranoid about this then that is why I have allowed you to also enter in your passphrase via qr code. I created a simple offline html qr code generator application you can use to enter your passphrase, generate a qr and scan it into the app, bypassing the keyboard entirely. The html page is here: https://www.dropbox.com/s/mk2y4r61rz763gg/qrcodegenerator.html?dl=0. Generating a new account on device also gets around this, I am using the exact same javascript code straight from the NRS client to generate new passphrases. Make sure if you do this that you back up your passphrases. I cannot be responsible for a lost device or a lost passphrase through any other means.
« Last Edit: July 01, 2015, 04:06:58 pm by _mr_e »
Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

Looking for a few beta testers for the new release of NxtVault. I've done a ton of refactoring and because of this I had to write some fairly complex code that will "upgrade" your accounts from one version to the next. If anything goes wrong I could risk wiping out the accounts and forcing people to have to re-enter... I've tested quite heavily on my side, upgrading from different versions to the recent one and all seems to be ok but I'd just like to test on a small sample of people I can be sure have backed up their passphrases in case anything goes wrong on different devices.
« Last Edit: July 01, 2015, 04:24:03 pm by _mr_e »
Logged

box1413

  • Hero Member
  • *****
  • Karma: +101/-4
  • Offline Offline
  • Posts: 687
    • View Profile

Looking for a few beta testers for the new release of NxtVault. I've done a ton of refactoring and because of this I had to write some fairly complex code that will "upgrade" your accounts from one version to the next. If anything goes wrong I could risk wiping out the accounts and forcing people to have to re-enter... I've tested quite heavily on my side, upgrading from different versions to the recent one and all seems to be ok but I'd just like to test on a small sample of people I can be sure have backed up their passphrases in case anything goes wrong on different devices.

sign me up!
Logged

box1413

  • Hero Member
  • *****
  • Karma: +101/-4
  • Offline Offline
  • Posts: 687
    • View Profile

just installed it... i don't really see a difference..

what's the changelog?

also be great if there was a link option to a nxt blockexplorer when clicking on the nxt address.
Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

just installed it... i don't really see a difference..

what's the changelog?

also be great if there was a link option to a nxt blockexplorer when clicking on the nxt address.

That's good you don't see any immediate difference. That means there was no data loss during the internal restructuring of the app data which is the key thing I want to test.

New features include:

-Faster PIN acceptance
-Ability to scan "cold storage" tx. This basically means you can scan presigned tx from another device. Current use case of this is http://jnxt.org/vapor. You can select "scan cold storage" from the context menu.
-Support for mgwBtc transactions, generate address and withdraw btc (now included as a plugin on jnxt.org/nxt)
-Upgrade jay.js code to the latest version
-internal refactoring for better code and preparation for writing unit tests
-Resolve bug where jellybean devices were not able to sign/broadcast a tx unless they had specified a custom override server
-show tx "messages" on the transaction summary screen


Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

also be great if there was a link option to a nxt blockexplorer when clicking on the nxt address.

Which block explorer would you like to see?
Logged

box1413

  • Hero Member
  • *****
  • Karma: +101/-4
  • Offline Offline
  • Posts: 687
    • View Profile

also be great if there was a link option to a nxt blockexplorer when clicking on the nxt address.

Which block explorer would you like to see?

mynxt.info would suffice

another possible feature:
add mgw addresses that are associated to the nxt address
Logged

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile

also be great if there was a link option to a nxt blockexplorer when clicking on the nxt address.

Which block explorer would you like to see?

mynxt.info would suffice

another possible feature:
add mgw addresses that are associated to the nxt address

That would be more of a wallet type feature, to be built on top of nxtvault as a third party app. Still hoping someone will take my wallet example and build a full-fledged wallet on top.

Sent from my SM-N9005 using Tapatalk
Logged