RWalletLatest release: 2.0.1 ( 30th June 2021 ) 🔍 Last analysed 2nd December 2021 . Failed to build from source provided!
Help spread awareness for build reproducibility
Please help us spread the word discussing build reproducibility with RWallet via their Twitter!
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis ¶
As described in this issue, this app replaces and as such had to start from zero with reviews, ratings and downloads.
RWallet is a multi-currency non-custodial wallet that supports Bitcoin. It supports BTC, Bitcoin on RSK (RBTC), RIF Token (RIF), Dollar On Chain (DOC)
RWallet has three options:
- Create Basic Wallet
- Import Existing Wallet
- Add Read-only Wallet
Upon clicking “Create Basic Wallet”, you are allowed to choose from Segwit or Legacy crypto address. After this, you are given access to the 12-word recovery phrase and asked to safeguard it.
You can send and receive like a normal wallet.
After confirming that the recovery phrase has a backup, the app asks you to set a PIN. This PIN must be entered to access the recovery phrase again.
Code and Reproducibility
We were able to find a related website even though RWallet’s Google Page did not
have a website listed. The contact email address had a domain of
iovlabs.org. We could not find any mention of RWallet’s
open-source nature on that website. However, searching for the
‘com.rsk.rwallet.v2’ brought us to what could possibly be
RWallet’s GitHub repository. Although
this specific repository is not linked from the iovlabs.org, we feel that it
could be relevant as it mentions a lot of related items.
A while ago Emanuel had already looked into this app but as it had only few users, he did not check for reproducibility.
Back then he already ran into the issue that several files are not being provided in the source repository, making it hard to compile the project and impossible to compile it in a reproducible way, as the missing files affect the compiled app.
The new build instructions
link to a non-existing section about an
.env file and do not mention the
google-services.json Emanuel had to create back then. It is mentioned though
that a signing key is required, which for our purpose should not be the case, as
we intend to work with an unsigned app. How can we build an unsigned version of
the released app?
We conclude, this app is currently not verifiable.
We encountered a build error while compiling from source code!
As part of our Methodology, we ask:Can the product be built from the source provided? If not, we tag it Build Error!
Published code doesn’t help much if the app fails to compile.
We try to compile the published source code using the published build instructions into a binary. If that fails, we might try to work around issues but if we consistently fail to build the app, we give it this verdict and open an issue in the issue tracker of the provider to hopefully verify their app later.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=android/com.rsk.rwallet.v2&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=android/com.rsk.rwallet.v2&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>