Hexa Bitcoin App
Latest release: 2.0.90 (19th September 2022)
Last analysed 18th October 2021. Failed to build from source provided!
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis
Updated Verdict 2021-12-21
While the app developers claim that it is self-custodial, this app has failed to build from source. This was addressed in issue 2544.
I checked our build config; the dev flavour of our app can be built in debug mode. The build script to create a release apk of our production version is not in the project.
I will add this to the project and add instructions on how to build it. I can’t specify an ETA for this right now but it will be done soon.
On a side note, I did 2 builds one after the other on AppCentre to see if they are the same. Using Android APK analyser I could still see some differences; very tiny differences in a couple of auto generated files. I am keen to understand if you will be using APK analyser to verify builds or will it be a straight diff comparison of binaries, or something else.
This correspondence took place on January 23, 2021. Since then, there has been no update.
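The developer's question above contrasts a straight binary diff with a per-file comparison. The following Python script is an added example, not WalletScrutiny's or Hexa's tooling: it compares two APKs entry by entry and skips the v1 signature files, which always differ between an official build and a rebuild. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature files; they differ whenever the signing key differs.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")

def is_signature_entry(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and upper.endswith(SIGNATURE_SUFFIXES)

def entry_digests(apk_bytes):
    """Map each non-signature ZIP entry to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(official, rebuilt):
    """Report a whole-file match and the per-entry differences."""
    a, b = entry_digests(official), entry_digests(rebuilt)
    return {
        "identical_bytes": official == rebuilt,
        "only_in_official": sorted(a.keys() - b.keys()),
        "only_in_rebuilt": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def make_sample_apk(build_stamp, signature):
    """Constructed stand-in for an APK: a small ZIP, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='example.wallet'/>")
        zf.writestr("classes.dex", b"constructed bytecode placeholder")
        zf.writestr("assets/build-info.json", build_stamp.encode())
        zf.writestr("META-INF/CERT.RSA", signature)
    return buf.getvalue()

if __name__ == "__main__":
    official = make_sample_apk("built 10:00", b"official-key-signature")
    rebuilt = make_sample_apk("built 10:07", b"rebuilder-key-signature")
    for key, value in compare_apks(official, rebuilt).items():
        print(key, value)
```

A whole-file hash of a signed release will not match a rebuild even when every entry does, because the signature data differs; the entries listed under `changed` are the ones that need an explanation before a build can be called reproducible.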
The app’s Google Play description claims that the app is non-custodial. It has partnered with Swan Bitcoin, a custodial service that allows users to “DCA” (Dollar Cost Average) into bitcoin. The Swan service is built into the Hexa app. Unlike most self-custodial wallets, Hexa splits the seed into recovery keys which are then spread out over multiple devices. We posted a screenshot of this on Twitter.
The first level of security is the cloud backup. As Hexawallet aptly points out in their FAQ,
A normal Bitcoin Wallet relies on you remembering a set of words (often called a “mnemonic”) or a secret number (your “private key”) and losing these renders your account unusable. Hexa aims to simplify this by allowing you to recover access to your funds by splitting your seed into multiple parts (called “Recovery Keys”) shared between you and your Keepers (trusted people whom you can rely on in the event of emergency, like your mother)
Seeds are split into Recovery Keys:
Recovery Keys are encrypted parts of your seed that are split and shared with your Keepers. Hexa creates 5 Recovery Keys, and having access to any 3 enables you to recover your wallet. These Keys are encrypted, so no one can read them without you requesting for them in the event of an emergency.
We encountered a build error while compiling from source code!
As part of our Methodology, we ask:
Can the product be built from the source provided? If the answer is "no", we mark it as "Failed to build from source provided!".
Published code doesn’t help much if the app fails to compile.
We try to compile the published source code using the published build instructions into a binary. If that fails, we might try to work around issues but if we consistently fail to build the app, we give it this verdict and open an issue in the issue tracker of the provider to hopefully verify their app later.