search

muun / apollo

Muun Android wallet
https://muun.com
MIT License
258 stars 46 forks source link

Implement AOPP Support #35

Open lclc opened 3 years ago

lclc commented 3 years ago

The guys from Pocket Bitcoin made me aware of this discussion about AOPP: https://twitter.com/PocketBitcoin/status/1404947001435951106

AOPP (Address Ownership Proof Protocol) is a new, simple protocol that specifies the transmission of signed messages via a URI scheme: https://gitlab.com/aopp/address-ownership-proof-protocol

Providing proof of ownership over an address is required to withdrawal Bitcoin in some countries (Switzerland, the Netherlands (although this is not fully clear, Singapore, Germany (WIP), and soon more). It's a hassle to do that manually for the user and the exchange. AOPP heavily improves that. See aopp.group for more information about it.

Besides improving the UX for the user, there are two more benefits:

  1. There is no need to copy & paste a Bitcoin address for the wallet to the exchange to withdraw. This prevents malware from replacing it in the clipboard (e.g. https://www.fortinet.com/blog/threat-research/vipersoftx-new-javascript-threat)
  2. The wallet is aware that the user is withdrawing from an exchange (even which exchange) and with that can suggest other options, which might be better for his privacy, provide better fees or better technology (e.g. segwit support, etc.).

AOPP does not affect and is not even visible to users of exchanges who don't have AOPP (don't require ownership proof).

AOPP usually shouldn't be too hard to implement. BlueWallet implemented AOPP support in less than a day (BlueWallet/BlueWallet#2915). If you need any help we're happy to assist (here or in the Telegram group).

Besides our testing infrastructure (documented in https://gitlab.com/aopp/address-ownership-proof-protocol) you can also try AOPP with https://getbittr.com/ and pocketbitcoin.com/ without having to create an account with either of them.

lclc commented 3 years ago

Since you are using Java, here is the commit from Sparrow (Desktop) Wallet implementing AOPP in Java: https://github.com/sparrowwallet/sparrow/commit/425e476f202273dcc4e721a3aa92defca31196f4

champo commented 3 years ago

Hi! Like discussed on twitter, we're a multi sig wallet and the protocol is single-sig only.

I appreciate the content rich report btw! Very thoughtful.

lclc commented 3 years ago

Thanks, I followed the discussion there too.

Indeed, that's a problem we're exploring now again a bit.

We definitely want to have something that works with multi-sig too, but we also want it to stay simple to implement. I'll let you know when we make some progress in that regards. If you have some suggestions, feel free to create an issue here https://gitlab.com/aopp/address-ownership-proof-protocol or join the Telegram to discuss.