From 9ff1e96ebd95cee9287743bcf352a22cf54ed2f8 Mon Sep 17 00:00:00 2001 From: Kevin Gorham Date: Wed, 10 Jun 2020 11:11:25 -0400 Subject: [PATCH 1/6] Initial draft --- README.md | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e5912da..8ae5c72 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,54 @@ # zcash-android-wallet Android wallet using the Zcash Android SDK that is maintained by core developers. -There are some known areas for improvement: +Please see the [wallet app threat +model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) +for important information about the security and privacy limitations of the +wallet. +### Motivation +[Dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) - _transitive verb_ - is the practice of an organization using its own product. This app was created to help us learn. We aim to make it as beautiful as it is useful. Internally, we will continue to extensively use it to innovate and interate on everything from [protocol changes](https://electriccoin.co/blog/introducing-heartwood/) to [lottie animations](https://lottiefiles.com/popular). Of course, Zcash has a strong history of being open-source, even when it's difficult. It would be easier to keep this internal-only so that we could fill it with crash-reporting and feedback tools but, instead, we decided to disable those things and make it available as a community resource. Please take note: + +## This is not a product. This is a tool. + +But it is also something we're committed to maintaining and relentlessly improving. So that we can make our libraries that it is built on stronger and more useful. + +### Setup + +#### Requirements +- [the code](https://github.com/zcash/zcash-android-wallet) +- [Android Studio](https://developer.android.com/studio/index.html) and/or adb with a phone or emulator +- anything else TBD + + +1. Open Android Studio and setup an emulator or connect your device +2. Clone the repo +3. Open the project and press play. It should just work. + +To build from the command line, [setup ADB](https://www.xda-developers.com/install-adb-windows-macos-linux/) and connect your device. Then simply run this and it will both build and install the app: +```bash +cd /path/to/zcash-android-wallet +./gradlew +``` + +## Disclaimers +There are some known areas for improvement: +- We strongly recommend that you only use this for small amounts of funds (less than 1 ZEC). Perhaps begin by using it to create a brand new wallet. - Traffic analysis, like in other cryptocurrency wallets, can leak some privacy of the user. - The wallet might display inaccurate transaction information if it is connected to an untrustworthy server. +- Since this was created as a dogfooding tool, think of it less like a wallet and more like a proof of concept, which can result in bugs up to and including loss-of-funds +- So **please backup your seed phrase** and wallet birthday (block height) +- This app has been developed and run exclusively on `mainnet` it might not work at all on `testnet` +- We've done our best to disable everything we are using internally for feedback but understand this app is designed for getting feedback so it will refrence some of the libraries that we use in-house for that purpose. -See the [Wallet App Threat -Model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) + +See the [Wallet App Threat Model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) for more information about the security and privacy limitations of the wallet. + + + +If you'd like to sign up to help us test, reach out on discord and let us know! We're always happy to get feedback! +### License +MIT From e9d7bea423372ccdd6c510885a407a846160b0c4 Mon Sep 17 00:00:00 2001 From: Kevin Gorham Date: Wed, 10 Jun 2020 11:25:20 -0400 Subject: [PATCH 2/6] Simplify the build, per the README instructions. --- app/build.gradle | 2 ++ build.gradle | 2 ++ 2 files changed, 4 insertions(+) diff --git a/app/build.gradle b/app/build.gradle index 2293a2d..b91de34 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -168,3 +168,5 @@ dependencies { androidTestImplementation Deps.Test.Android.JUNIT androidTestImplementation Deps.Test.Android.ESPRESSO } + +defaultTasks 'clean', 'installZcashmainnetDebug' \ No newline at end of file diff --git a/build.gradle b/build.gradle index a335c0f..2f44100 100644 --- a/build.gradle +++ b/build.gradle @@ -28,3 +28,5 @@ allprojects { task clean(type: Delete) { delete rootProject.buildDir } + +defaultTasks 'clean', 'installZcashmainnetDebug' \ No newline at end of file From e70c55e7a6a458ffd245066dc4aab1d6b2e85a37 Mon Sep 17 00:00:00 2001 From: Kevin Gorham Date: Wed, 10 Jun 2020 13:01:39 -0400 Subject: [PATCH 3/6] Iterated on README after merging in changes from #141. --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 8ae5c72..a804fa1 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,7 @@ There are some known areas for improvement: - Since this was created as a dogfooding tool, think of it less like a wallet and more like a proof of concept, which can result in bugs up to and including loss-of-funds - So **please backup your seed phrase** and wallet birthday (block height) - This app has been developed and run exclusively on `mainnet` it might not work at all on `testnet` -- We've done our best to disable everything we are using internally for feedback but understand this app is designed for getting feedback so it will refrence some of the libraries that we use in-house for that purpose. - +- Getting feedback was one of the original design goals of this app so it is mainly intended for learning and improving the related libraries that it uses. See the [Wallet App Threat Model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) for more information about the security and privacy limitations of the wallet. From 331498a97c33acafd52032eef8e94ea5a674436d Mon Sep 17 00:00:00 2001 From: Linda Lee Date: Wed, 10 Jun 2020 12:43:05 -0500 Subject: [PATCH 4/6] Update README.md - clarify that this is maintained by ECC - delete duplicate sentence about the wallet threat model (kept in the disclaimers, deleted in the intro). - delete "Traffic analysis, like in other cryptocurrency wallets, can leak some privacy of the user." --we agreed that we didn't want to give off the impression that our wallet is worse than other apps, when it is actually better for privacy. - delete "We recommend backing up your seed and using this with amounts of funds..." --we reiterate that this is not a product, and Taylor has looked at our code enough to feel confident about our wallets not losing funds. - delete "We aim to make it as beautiful as it is useful. Internally, we will continue to extensively use it to innovate and interate on everything from [protocol changes](https://electriccoin.co/blog/introducing-heartwood/) to [lottie animations](https://lottiefiles.com/popular). Of course, Zcash has a strong history of being open-source, even when it's difficult. It would be easier to keep this internal-only so that we could fill it with crash-reporting and feedback tools but, instead, we decided to disable those things and make it available as a community resource." -- this takes away from the point that this is only for dogfooding, and that this is not a product. --- README.md | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index a804fa1..f5c0ecb 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,10 @@ # zcash-android-wallet -Android wallet using the Zcash Android SDK that is maintained by core developers. - -Please see the [wallet app threat -model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) -for important information about the security and privacy limitations of the -wallet. +An Android wallet using the Zcash Android SDK that is maintained by ECC developers. ### Motivation -[Dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) - _transitive verb_ - is the practice of an organization using its own product. This app was created to help us learn. We aim to make it as beautiful as it is useful. Internally, we will continue to extensively use it to innovate and interate on everything from [protocol changes](https://electriccoin.co/blog/introducing-heartwood/) to [lottie animations](https://lottiefiles.com/popular). Of course, Zcash has a strong history of being open-source, even when it's difficult. It would be easier to keep this internal-only so that we could fill it with crash-reporting and feedback tools but, instead, we decided to disable those things and make it available as a community resource. Please take note: +[Dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) - _transitive verb_ - is the practice of an organization using its own product. This app was created to help us learn. -## This is not a product. This is a tool. - -But it is also something we're committed to maintaining and relentlessly improving. So that we can make our libraries that it is built on stronger and more useful. +Please take note: the wallet is not an official product by ECC, but rather a tool for learning about our libraries that it is built on. This means that we do not have robust infrasturcture or user support for this application. We open sourced it as a resource to make wallet development easier for the Zcash ecosystem. ### Setup @@ -33,21 +26,16 @@ cd /path/to/zcash-android-wallet ## Disclaimers There are some known areas for improvement: -- We strongly recommend that you only use this for small amounts of funds (less than 1 ZEC). Perhaps begin by using it to create a brand new wallet. -- Traffic analysis, like in other cryptocurrency wallets, can leak some privacy - of the user. -- The wallet might display inaccurate transaction information if it is connected - to an untrustworthy server. -- Since this was created as a dogfooding tool, think of it less like a wallet and more like a proof of concept, which can result in bugs up to and including loss-of-funds -- So **please backup your seed phrase** and wallet birthday (block height) -- This app has been developed and run exclusively on `mainnet` it might not work at all on `testnet` -- Getting feedback was one of the original design goals of this app so it is mainly intended for learning and improving the related libraries that it uses. + +- This app so it is mainly intended for learning and improving the related libraries that it uses. There may be bugs. +- This wallet currently only supports receiving at shielded addresses, which makes it incompatible with wallets that do not support sending to shielded addresses. +- The wallet requires a trust in the server to display accurate transaction information. +- This app has been developed and run exclusively on `mainnet` it might not work on `testnet`. See the [Wallet App Threat Model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) for more information about the security and privacy limitations of the wallet. - - If you'd like to sign up to help us test, reach out on discord and let us know! We're always happy to get feedback! + ### License MIT From 1ff92a8269fdd24485d4899736632d3bbceaa818 Mon Sep 17 00:00:00 2001 From: Kevin Gorham Date: Wed, 10 Jun 2020 14:35:44 -0400 Subject: [PATCH 5/6] Addressed feedback in https://github.com/zcash/zcash-android-wallet/pull/156#discussion_r438328102 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f5c0ecb..220bb0a 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ cd /path/to/zcash-android-wallet ## Disclaimers There are some known areas for improvement: -- This app so it is mainly intended for learning and improving the related libraries that it uses. There may be bugs. +- This app is mainly intended for learning and improving the related libraries that it uses. There may be bugs. - This wallet currently only supports receiving at shielded addresses, which makes it incompatible with wallets that do not support sending to shielded addresses. - The wallet requires a trust in the server to display accurate transaction information. - This app has been developed and run exclusively on `mainnet` it might not work on `testnet`. From 768c8819a0255d68a12dcf73e5bf0d034543d78a Mon Sep 17 00:00:00 2001 From: Linda Lee Date: Wed, 10 Jun 2020 13:57:12 -0500 Subject: [PATCH 6/6] Update README.md Add back in traffic analysis. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 220bb0a..6c183eb 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ There are some known areas for improvement: - This app is mainly intended for learning and improving the related libraries that it uses. There may be bugs. - This wallet currently only supports receiving at shielded addresses, which makes it incompatible with wallets that do not support sending to shielded addresses. +- Traffic analysis, like in other cryptocurrency wallets, can leak some privacy of the user. - The wallet requires a trust in the server to display accurate transaction information. - This app has been developed and run exclusively on `mainnet` it might not work on `testnet`.