perawallet / pera-wallet

Source code for Pera Wallet, simply the best Algorand wallet.
https://perawallet.app

Proof of untampered app #88

Closed 1m1-github closed 1 year ago

1m1-github commented 1 year ago

Is there anything to secure users from using a compromised version of Pera?

E.g., there is AppCheck by Google, which claims to ensure this.

Why security is so important, I just wrote here: https://github.com/perawallet/pera-wallet/issues/87

taylanpince commented 1 year ago

@1m1-github Thank you for your question. Both Apple and Google have code sign features in place that prevent downloading a compromised or tampered version of the binary. They also employ uniqueness checks for App Store listings, so if another binary is submitted under a separate account, it wouldn't get through app review. In other words, downloading through the official App Store and Play Store listings is a very safe way of accessing the app.

One additional security feature that we are working on at the moment is providing a public checksum for the APK distribution. That way it would be possible to double check the validity of the APK file for Android, even if someone decides to download it directly instead of going through Play Store.
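How a sideloaded APK could be checked against a published checksum, as an added example that is not part of the original thread and not Pera's own code. It assumes the checksum is SHA-256 published in `sha256sum` format (`<hex digest>  <filename>`); the file name and the sample bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed published format (sha256sum style): "<64 hex chars>  <filename>"
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})[ \t]+\*?(.+)$")

def parse_checksums(text):
    """Map filename -> lowercase SHA-256 hex digest; reject malformed lines."""
    published = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"malformed checksum line: {line!r}")
        published[m.group(2)] = m.group(1).lower()
    return published

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large APK is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_apk(apk_path, checksum_text):
    """True only if the file name is listed and its digest matches."""
    expected = parse_checksums(checksum_text).get(Path(apk_path).name)
    if expected is None:
        return False  # an unlisted file is treated as unverified
    return hmac.compare_digest(sha256_file(apk_path), expected)

def demo():
    """Constructed sample: a stand-in 'APK' and its published checksum line."""
    with tempfile.TemporaryDirectory() as tmp:
        apk = Path(tmp) / "wallet-example.apk"  # hypothetical file name
        apk.write_bytes(b"PK\x03\x04 constructed sample, not a real APK")
        listing = f"{sha256_file(apk)}  {apk.name}\n"
        genuine = verify_apk(apk, listing)
        apk.write_bytes(apk.read_bytes() + b"\x00")  # one appended byte
        tampered = verify_apk(apk, listing)
    return genuine, tampered

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel the checksum came from: a checksum fetched from the same place as the APK would be replaced along with it.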