Wallet Logo

Bitcoin Wallet - Airbitz

Latest release: 2.4.12 ( 21st September 2018 ) 🔍 Last analysed 29th December 2021 . Failed to build from source provided! Not functioning anymore
3.4 ★★★★★
1150 ratings
100 thousand
1st April 2014

Jump to verdict 

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Bitcoin Wallet - Airbitz claims to be non-custodial and open source but being the predecessor of Edge - Bitcoin & Crypto Wallet Unreproducible! , it gets a bit confusing here as it points to the same website for its open source:

• Open-source code. Available at https://github.com/Airbitz

At github.com/Airbitz though, as mentioned in the article on Edge there is no code and we get forwarded to github.com/EdgeApp where there are currently 130 repositories and 81 repositories created by EdgeApp. There at first sight, the most likely source code for Airbitz Android app is airbitz-android-gui.

airbitz version on playstore

The Playstore mentiones Airbitz currently and since one year to be at version 2.4.12 yet on GitHub the latest tag is 2.2.0 from three years ago. The currently latest commit on master appears promising, as it has the commit comment “2.4.12”, the version we would hope to see matching the Playstore apk.

So … what do the build instructions tell us?

The Airbitz android application comes in 3 flavors. Production, Testnet and Develop. To build it issue one of the following commands:

Develop version (Seperate App ID which does not conflict with production version. Also uses the develop branch of airbitz-core-java)

./gradlew installDevelopDebug

Testnet version

./gradlew installNettestDebug

Production version

./gradlew installProdDebug

For a reproducible build I would have hoped to find some buildProdRelease and not only ...Debug.

So … lets try this:

airbitz-android-gui/Airbitz$ ./gradlew installProdDebug
Parallel execution is an incubating feature.
Incremental java compilation is an incubating feature.

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring project ':airbitz'.
> Could not resolve all dependencies for configuration ':airbitz:_nettestDebugApk'.
   > A problem occurred configuring project ':libs:airbitz-directory'.
      > No toolchains found in the NDK toolchains folder for ABI with prefix: mips64el-linux-android

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 1.415 secs

Given there is no promise of reproducibility and no instructions on how to build the release version or implicit promise about plugins and APIs not resulting in big differences, we give up here for now and conclude the now obsolete but still available for install wallet Airbitz is not verifiable in its current form.

(lw)

Verdict Explained

We encountered a build error while compiling from source code!

As part of our Methodology, we ask:

Can the product be built from the source provided? If not, we tag it Build Error!

Published code doesn’t help much if the app fails to compile.

We try to compile the published source code using the published build instructions into a binary. If that fails, we might try to work around issues but if we consistently fail to build the app, we give it this verdict and open an issue in the issue tracker of the provider to hopefully verify their app later.

But we also ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct!

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.