iancoleman / bip39

A web tool for converting BIP39 mnemonic codes
https://iancoleman.io/bip39/
MIT License
3.41k stars 1.42k forks

Android App #607

Open random9brat opened 1 year ago

random9brat commented 1 year ago

Hello Ian,

I was wondering if I can get permission to build an .apk and place an Android app of this app on the Google store. It will be free, I won't charge anything, and I will refer the whole app to these links (GitHub, your BIP39 - Mnemonic Code website, etc.).

Since I love the code you wrote I think it would be really useful to get more attention and get approved by Google since a lot of people will use it on their Android phones.

Cheers :)

wigy-opensource-developer commented 1 year ago

Although I am not empowered to give you an answer, the very essence of this app is that the user controls the whole supply chain from the source code to the offline webpage. At the moment anyone could download the standalone HTML file and open it on their mobile phone with their favorite browser, so there is not a big gain functionality-wise.

On the other hand, unless you are using Graphene OS or an Android without Google Play, your mobile phone is full of backdoors and "automatic backups" to the vendor's cloud, be it Apple, Google, Huawei or Samsung. Time and time again there are reports where employees of these companies sell data. You might argue that Mac OS and Windows have similar issues and you would be right.

There were also cases when someone deployed a slightly modified application on a different domain, ran a Google Ad that pushed their domain before Ian's one, and collected all generated phrases on their servers. How would I be able to check if your APK is unmodified?

I play devil's advocate here, I like the general idea of spreading awareness of this application, but I try to challenge you to explain how you handle these extra attack vectors.
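The check asked about above, sketched as an added example that is not part of the thread or of the project's code: compare a downloaded standalone page against a hash pinned from a release you trust, and list any tags that would load content from the network. The sample pages, the `collector.invalid` host and the `audit` helper are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Tags that make the browser fetch a resource (plain <a href> links do not).
LOADING_TAGS = {"script", "link", "img", "iframe", "embed", "object", "source"}
URL_ATTRS = {"src", "href", "data"}


class RemoteLoadFinder(HTMLParser):
    """Collects attributes that would pull content from the network."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_TAGS:
            return
        for name, value in attrs:
            if name in URL_ATTRS and value and value.strip().lower().startswith(
                ("http://", "https://", "//")
            ):
                self.remote.append((tag, value))


def audit(page: bytes, expected_sha256: str) -> dict:
    """Compare the file hash to a pinned value and list remote loads."""
    finder = RemoteLoadFinder()
    finder.feed(page.decode("utf-8", errors="replace"))
    digest = hashlib.sha256(page).hexdigest()
    return {
        "sha256": digest,
        "hash_ok": digest == expected_sha256.lower(),
        "remote_loads": finder.remote,
    }


# Constructed sample pages, not the project's real standalone file.
CLEAN = b"<html><script>/* bundled code */</script><a href='https://github.com/'>src</a></html>"
TAMPERED = CLEAN.replace(
    b"</html>", b"<script src='https://collector.invalid/x.js'></script></html>"
)
# Stand-in for a hash obtained out of band from the release you trust.
PINNED = hashlib.sha256(CLEAN).hexdigest()

if __name__ == "__main__":
    for label, page in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit(page, PINNED))
```

The hash comparison is the authoritative result; the tag scan only explains one kind of mismatch and does not see requests made from inline script.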

iancoleman commented 1 year ago

The license is very permissive, you can do whatever you like within the bounds of the license.

Zwilla commented 1 year ago

I use the tool only on an air-gapped computer, without any hardware for BT, WiFi, LAN, NFC and so on. Also, I always build it from source and review every single line of new code.

I NEVER TRUST ANY APP

random9brat commented 1 year ago

That's what I thought in general, people might not want to use it since it will have some kind of backdoor etc. Also, I'm using it in offline mode too. But I started to use a framework which generates really good Android apps from HTML/CSS/Bootstrap, so I created that app for myself. It's easier since you don't need a browser, and because of that it's faster.

And also (I know this is paradoxical) I thought people might have more trust if it's even verified by Google, because I know some of my friends didn't want to use a lot of useful websites like this one because "it's risky" (which is a totally twisted opinion and reasonable, but nvm).

People often do some illogical things in the crypto world and all of that is because of a lack of knowledge.

random9brat commented 1 year ago

So I found this:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

tadeubas commented 1 year ago

@random9brat you found that the license allows you to make such an Android app. So, if this is the case, you should close this issue.

openMolNike commented 1 year ago

This app can derive Bitcoin and Ethereum absolutely offline. Select "Restore seed" and "Seed to addresses" BIP-39 Coin-flip for crypto

tadeubas commented 1 year ago

This app can derive Bitcoin and Ethereum absolutely offline. Select "Restore seed" and "Seed to addresses" BIP-39 Coin-flip for crypto

@iancoleman I think you should delete the above comment because of the link to a possibly malicious app.

openMolNike commented 1 year ago

malicious app

This application is not malicious. I created it and indicated that it can and should work strictly offline on a separate offline device. I also explicitly mentioned inside the application that I insist that users check the result of derivation to addresses with the iancoleman utility.