Ownbit: Cold & MultiSig WalletGoogle Play
Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
On the Google Play description we read:
The mnemonics, seeds (used to generate private keys) of Ownbit wallet are encrypted and stored on the phone side. The private key is completely under your control.
So this is a non-custodial wallet.
This wallet appears to feature a “cold storage” mode where the same app gets installed on an offline and an online phone and so the private keys never are connected to the internet. This of course provides very high security if the private keys are generated with good entropy. An evil provider could limit the entropy to generate only one out of a million backups to make those guessable for him but collisions unlikely. Scrutiny is therefore even in this mode of the essence.
So lets see if this app provides public source code …
Turns out, their website is currently not.
On GitHub we found 87 hits but only in localization, html, csv and reStructuredText which don’t look like the app itself but rather lists of apps.
So as we can’t find any source code, we assume this app is closed source and thus not verifiable.
Tests performed by Leo Wandersleb
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.