novasamatech / parity-signer

Air-gapped crypto wallet.
https://vault.novasama.io
GNU General Public License v3.0
558 stars 169 forks source link

Make air gap mode setup optional #2421

Open KarimJedda opened 1 month ago

KarimJedda commented 1 month ago

I love the app, it's extremely useful and has massive potential.

Screenshot 2024-10-27 at 11 11 07

However I believe we should give people the option the opt out of the air gap mode.

Making it opt out with the proper disclaimers can be one solution, but I understand it might extend the attack surface. The other solution would be to provide a build of the app that people can install manually through APK/F-Droid (ie not distributed by the official app store), that has the air gap as optional.

What do you think?

chidg commented 4 weeks ago

As a developer working on Talisman Wallet's integration with Parity Signer, it would certainly make things easier if I didn't have to disable functionality on my phone every time I test something with PS. Perhaps this could be hidden behind a 'developer mode' toggle if the maintainers don't want to enable it as a general product feature?

antonkhvorov commented 3 weeks ago

Making it opt out with the proper disclaimers can be one solution, but I understand it might extend the attack surface. The other solution would be to provide a build of the app that people can install manually through APK/F-Droid (ie not distributed by the official app store), that has the air gap as optional.

Security model of Polkadot Vault implies that it has to be used only on the cold device (without any connection to the outside world), thus should interact with external would only via QR codes to sign the operations.

If that is not preferable way of managing the keys then Polkadot Vault is an overkill for the particular use case. E.g. if you are looking for an app to manage keys on the hot device that you should look into Nova Wallet or any other Polkadot mobile wallet