Wallet Logo

Shango Lightning Wallet

latest release: Varies with device ( 1st June 2019 ) last analysed  16th July 2021 Not functioning anymore 
1 thousand

Jump to verdict 

Older reviews (show 0 of 1 reproducible)

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Shango Lightning Wallet  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Update 2021-07-16: This app is not available on the Play Store. Given our findings below, we don’t expect it to come back.

This app features

No hassle, instant setup. The Shango service offers you a FREE, secure LND cloud server instance paired to your device, without requiring you to master advanced technical skills and command line tools.

but although they set those servers up, they claim:

Note: Shango doesn’t hold any funds, does not store any user identifiable information, does not have access to any private keys nor perform any transactions. It relies on and sends commands to the open source daemon LND to perform Lightning network operations.

so that is certainly weird. Maybe the website is more informative …

Turns out, the website uses a ten months expired ssl certificate and greets us with:

Warning: Potential Security Risk Ahead

Not exactly inspiring confidence. So we ignore the warning for you and get rewarded with a link to their GitHub with the label:

Open Source

Don’t trust us, verify the code. All source files on Github.

but there we see some 20 files that are definitely not an Android app and no activity in over a year.

This app is for all we can see closed source and thus not verifiable.

(lw)

Verdict Explained

This product went out of business ... or so. Read the analysis for details.

As part of our Methodology, we ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct! 

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.