Online WalletGoogle Play
Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
The wallet has no listed website on its Google Play page. But its developer is searchable: XCritical Soft. Ltd. The app’s Terms and Conditions list xcritical.com as its page.
The app claims to support Bitcoin and can send and receive. There was no mention of private keys or seed phrases.
Termination Clause in User Agreement
The user agreement can be accessed via the app.
Section 4.5 Termination. We may close , terminate, enable or disable any or all of the Services, your User Account or your access to the Services at any time and for any reason. Depending on the Services available to you in your User Account, we may require you to take certain actions in order to complete a pending transaction or provide additional information prior to closing such User Account. You are solely responsible for any fees already incurred.
The wallet is further described in Section 5.
Section 5.1.1 The Wallet is provided to you exclusively by Online Wallet. At no point will Online Wallet ever take custody of Virtual Currency stored in a Wallet. The Wallet is only capable of supporting certain Virtual Currencies. Under no circumstances should you attempt to store Virtual Currencies in your Wallet that the Wallet does not support.
Section 5.1.2 When you create a Wallet, the Wallet software generates a cryptographic private and public key pair that you may use to send and receive any supported Virtual Currency via the relevant Virtual Currency network. YOU MUST STORE OUTSIDE OF THE SERVICES, A BACKUP OF ALL WALLET CREDENTIALS, INCLUDING YOUR PASSPHRASES, IDENTIFIERS, BACKUP PHRASES, PRIVATE KEYS AND NETWORK ADDRESSES. If you do not maintain a backup of your Wallet data outside of the Services, you will not be able to access Virtual Currency previously accessed using your Wallet in the event that we discontinue or no longer offer some or all of the Services or may otherwise lose access to Virtual Currency. We are not responsible for maintaining this data on your behalf.
We downloaded the app and found Bitcoin support with send and receive functions. We tried looking for any options that allow for the backing up of the wallet via seed phrases but could not find any.
We emailed Online Wallet (posted screenshot on twitter) to ask them how to backup the wallet.
With no clear website to get more information from, we are left with the resources at hand. The app does not make it a point to make backing up the wallet easier. Yet in its Terms and Conditions, mentions that it’s the user’s responsibility to backup the private keys. Yet in Section 4.5, the service mentions the power to “close, terminate, enable or disable any or all of the Services”. If the service is disabled - how can you access the wallet without the private key? We’re giving this service a custodial verdict making the app non-verifiable until such time that their support clarifies this with us.
Tests performed by Daniel Andrei R. Garcia
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.