ethereum / ethereum-org-website

Ethereum.org is a primary online resource for the Ethereum community.
https://ethereum.org/
MIT License

Wallet Listing: Numio #4447

Closed mitdralla closed 2 years ago

mitdralla commented 2 years ago

Is your wallet security tested? Please explain security measures i.e. security audit, internal security team or some other method.

The app is constantly subject to multiple layers of QA testing before (and after) undergoing internal audits and penetration tests. Major releases undergo 3rd party security auditing.

Numio is a non-custodial mobile application focused on user security and UI/UX. A user's key pair is generated locally on their phone and their private keys never leave their device. Users sign their own transactions manually and only the encrypted data is transmitted.

When did your wallet go live to users?

Android went live on Google Play on the 31st December 2020 and iOS went live in the App Store on the 6th July 2021.

Does your wallet have an active development team?

Yes. The wallet is actively developed and new releases go out on average every 10 days.

Is your wallet open-source?

No. Numio is not open source, however elements of the application are.

Open source elements include our CDN & SDK, zkSync API, NPM relayer, and various meta APIs.

Our full open-source GitHub repo can be found here - https://github.com/TeamNumio/TeamNumio

Is your wallet globally accessible?

Numio is globally accessible via the Google Play and Apple App Stores. The app requires no KYC to use.

Is your wallet custodial, non-custodial, or a hardware wallet?

Numio is non-custodial - only the user has access to their Private Keys, which are easily accessible via the settings menu.

Please describe the measures taken to ensure the wallet's security and provide documentation wherever possible

As stated in the first response, the app is constantly subject to multiple layers of QA testing before (and after) undergoing internal audits and penetration tests. Major releases undergo 3rd party security auditing. While we do not currently have any of this audit data publicly available, we are looking to make something available in the near future.

We work closely with our partners, including zkSync and Storj, to ensure that their technology is integrated in accordance with their best practices. This can be verified with those teams.

Device permissions are only requested based on a user's choice of function and if essential to the operation of the application. Any permissions are at the minimum viable amount to ensure that a function works. Numio keeps up to date with all Google Play and App Store privacy requirements and describes, via custom modal and plain English, exactly what each permission is for.

By design, users are unable to capture the screen during the seed phrase screen and (optional) biometrics registration screens to enhance users' security. Seed phrases are not stored on the device.

Outside of secure blockchain technology, the Numio application uses SHA256/RSA256 for encryption both within the app, and as a byproduct of integrated technology, including FaceTec - https://dev.facetec.com/security-best-practices.

Numio has now been public for over 11 months, and has been downloaded in excess of 10,000 times from Google Play and the App Store. There has not been a single significant security bug reported in that time. It is also worth noting that both the application and company were subject to significant due diligence by VCs as part of our $1.25m seed investment round which was completed in July 2021.

Does the wallet have fiat on-ramps?

Layer 1 ERC-20 tokens can be purchased with credit & debit cards. Layer 2 fiat on-ramps are in the process of being added.

Numio utilizes zkRollups from zkSync to reduce transaction fees for the user. Additional Layer 2 solutions are currently being integrated.

Does the wallet allow users to explore dapps?

As of version 2.3, Numio is integrated with Wallet Connect. Users can simply scan a QR code and connect with their favorite dapp right from the Numio app.

Does the wallet have integrated defi/financial tools?

Borrowing, Lending and earning are not currently integrated - however these features are being added in a future update.

Can a user withdraw to their card?

Not currently - this is however on our roadmap.

Does the wallet offer limits protection?

This is not currently implemented.

Does the wallet allow high-volume purchases?

The app does allow high-volume purchases, this is however dependent on KYC.

Does the wallet have an integrated token swap?

Layer 1 token swaps are live and available to all users.

Layer 2 (zkRollup) swaps have been integrated but are not yet live.

Is the wallet a multi-signature wallet?

Numio is not a multi-signature wallet.

Wallet title

Numio

Wallet description

Numio is a non-custodial, Layer 2 Ethereum wallet, powered by zkRollups for fast and cheap ERC-20 transactions and token swaps. Numio is available on Android and iOS.

Wallet logo

All brand assets can be found at - https://www.numio.one/brand-kit/

Background colour for brand logo

3AD15D

URL

https://numio.one

mitdralla commented 2 years ago

Hello :) - I added an addition to one of the questions:

"Device permissions are only requested based on a user's choice of function and if essential to the operation of the application. Any permissions are at the minimum viable amount to ensure that a function works. Numio keeps up to date with all Google Play and App Store privacy requirements and describes, via custom modal and plain English, exactly what each permission is for.

By design, users are unable to capture the screen during the seed phrase screen and (optional) biometrics registration screens to enhance users' security. Seed phrases are not stored on the device."

mitdralla commented 2 years ago

Hello @minimalsm 👋🏼 please let me know if you need any more information from us on the Numio listing - Thank you

milvinae commented 2 years ago

Hello @minimalsm, thanks for the Numio listing.

I just wanted to point out that there is a mistake in the listing as the wallet does support Token Swaps but the features card says it doesn't.

Also, if possible could the background colour for the logo be changed from white to #3F3F3F or should we submit a logo with this background?

Thank you for your help.

Update: I have submitted a pull request - https://github.com/ethereum/ethereum-org-website/pull/5219