An Ethereum DApp user’s opinion on what features make a phone — Blockchain.
While Finney users have instant access to play the DApp Axie Infinity, Exodus users have to wait for the development team to create an integration into the Zion Wallet.
The time between ordering my HTC Exodus ™ and powering it on for the first time was a period of decentralized bliss. Soon a device would arrive that would allow me to put a few hundred dollars worth of crypto on it, interact with all my favorite DApps, and move between fiat and crypto with minimal friction. After turning the Exodus on it quickly became apparent that my vision for what the phone would be like was a bit different from how it functioned in reality. This article will outline what I think makes a fully featured blockchain phone, which of these features are present in the Exodus and Sirin Lab’s Finney ™,and why I think most of these features can be found on just about any phone.
Whats your point?
TLDR; During my time using the Exodus I didn’t trust the Zion Wallet enough to put more than $20 in it and the limited functionality of the wallet prevented me from using it to interact with many popular DApps. Despite having most of the features I was looking for in a blockchain phone, it and its cousin the Finney are missing the elements I think are crucial to piecing this whole decentralized puzzle together. When I ask myself do i trust the Zion wallet with a $20 bill the answer is an easy yes — but when I ask myself if I trust it every single day with all my cryptocollectibles, the answer is no.
This cool graphic and really this entire article is meant to demonstrate that with the exception of a true cold wallet, almost every feature you might consider as constituting a blockchain phone can be found on any modern smart phone and on most dumb phones as well. But, that is not to discredit the first generation of phones which have gone a long way to provide a solid foundation for future phone manufacturers to build on and which will lead to fully featured blockchain phones in the future, whatever that will mean.
The largest differentiating factor for Gen1 blockchain phones is their wallet security. However, both the Finney and the Exodus are missing advanced wallet features such as Web3 browser integration and Multisig.
Operating System Features
Encrypting your data is a given for users of crypto and the data on your phone is no exception. A phone built with security in mind would encrypt itself before doing anything else and should offer the ability to encrypt individual files as well. The Exodus has full phone encryption that begins on the first start up ensuring that nothing has time to infect the phone before it becomes encrypted. This is a nice security first approach that shows the HTC team cares about the security of their product.
The Finney takes it one step further with full phone encryption provided by its Sirin OS as well as an Intrusion Protection System (IPS) that can be used to black or white list individual apps. The IPS feature is available in a limited capacity through the standard suite of Android Security features on the Exodus, but the IPS protection provided by the Finney is said to be superior, although there isn’t much besides the word of the team to back this up. When it comes to encrypted communications the Finney is the only one of the pair to offer a built in secure messaging app although it is unknown if both parties need to be using the same application for the encryption to be end-to-end. The Exodus does not offer any end-to-end encryption for communications.
SIM Card Lock
SIM card swapping is one of the largest threats facing the mobile crypto community and one way to help curb this problem is with a built in SIM card lock feature. This lets you set a new SIM card PIN from within the phone itself, without needing to reach out to the mobile carrier. This is not an end all solution but combined with a smart choice of mobile carrier should keep you well protected. Watch this episode from The Bad Crypto Podcast for a better idea on which carrier to use and why this feature is so important.
Access to Play Store
It may seem like a no-brainer but having access to download any program from the Play Store is important when you consider companies like Apple restrict many cryptocurrency products from appearing in their tailored market. The Play Store has lots of apps that I consider essential for phone security such as MalwareBytes, Brave Browser, NordVPN, and Avast Mobile. Every user has different preferences, but not being able to pick and choose from the full suite of software available is pretty damaging when you are using bleeding edge technology such as this. Both the Finney and the Exodus have access to the Play Store because they are Android devices.
Facial Unlock, Fingerprint Scanners, and PINs
All three features are needed to protect your phone. A PIN is needed so that when your phone is hard reset an opposing force cannot open your phone with your fingerprint or face alone, which is completely legal to do without your permission in many jurisdictions. Facial Unlock combined with a Fingerprint Scanner gives you a multi-factor method to identify yourself in public without revealing your PIN to strangers. Any of these options by themselves are weak and easily exploited, but together make a powerful combination. The Exodus and Finney also require the SIM Card Lock PIN to be entered when the phone is rebooted, adding an additional layer of security.
It is safe to say that when it comes to security the Finney’s Cold(ish) Wallet is about as much as you could ask for in a phone. Due to the size of the Bitcoin and Ethereum blockchains, most modern phones have no ability to store an entire copy of the blockchain on the phone thus making a phones wallet rely on notes that can verify ever transaction. This means that transactions done using the Finney’s wallet still need to wait for 6 confirmations before they can be trusted. With that said, having a wallet that is stored on a separate chip and only activates when used is still highly secure. The pop up safe screen arguably makes you stick out as a crypto user, which may detract somewhat from the enhanced security aspect, but that factor isn’t very measurable.
While the Exodus’ Zion wallet isn’t stored on a separate chip, it is stored in a separate secure enclave within the device. The Zion wallet also uses something called a Trust Zone trusted execution environment (TEE)to protect against any malicious software that might be trying to steal your keys. Considering that most users will not store a large amount of funds on their phones wallet, this level of security seems adequate enough for day to day use, but it leaves doubt in my mind about whether I would leave anything substantial in the wallet long-term until the wallet has been out enough time to prove it is secure.
Large Selection of Currencies
An important part of any good wallet is the ability to trade many different types of currencies. Some wallets are very limited in this aspect and focus on only one currency while other wallets have thousands of currencies available. The Exodus wallet is limited in that it only supports BTC, LTC, ETH and limited ERC-20 and ERC-721. The Finney wallet is less limited in its selection, but is missing some larger currencies such as LTC. With both the Finney and the Exodus there is no way to add a currency manually like you may be used to with services such as MyEtherWallet.
Finney has support for a wide, but random, selection of cryptocurrencies.
The Exodus and Finney teams do not have their wallets source code open for review. Sirin Labs provides a GitHub that includes code for many of their phone applications, but HTC has no similar resource. The perceived benefit to having the code open source would be the ability for the community to review the code for errors or malicious activity before trusting the wallet with their funds.
When I asked the admin of the Exodus Telegram group, Adrian Doerkof, why they had decided not to make the code available he let me know that the two main reasons were to prevent fake wallets being created by attackers having access to the source code, as well as for the increased security provided by an attacker needing to reverse engineer the wallet before attacking. Adrian also remarked that security and protection of the funds stored in the Zion wallet is and will remain their first priority. There are definitely multiple viewpoints when it comes to open source wallets, but trusting anything except an open source hardware wallet with a large amount of my funds still doesn’t seem like the best option long-term.
Exchange Integration or Token Conversion Services
The ability to trade one token for another or to execute a buy or sell order from within your wallet gives the user the comfort of knowing you are not visiting a fake website and that you are not copying or pasting any addresses or keys incorrectly. It also allows you to perform these services using the same relative level of ease and safety that your entire wallet provides.
The Finney wallet has a built in Token Conversion Service (TCS) that can be used to trade one token for another as well as provides access to 16 pre-installed DApps that include a small selection of exchanges capable of executing buy and sell orders. The selection is noticeably lacking larger players such as Binance, Kucoin, Coinbase, Changelly, Shapeshift, and Gemini to name a few.
The Exodus on the other hand comes with only Cryptokitties pre-installed and has no access to any exchanges or Token Coversion Services from within the Zion Wallet. This means you will need to have access to a Web3 browser such as Cipher Browser or Trust Wallet or install additional apps before you can do much besides a basic transfer between two wallets. This extremely limited capabilities means the Zion wallet is really only used currently for sending cryptocurrencies between other users of the app as well as individual addresses.
Neither the Finney nor the Exodus provide a way to use fiat currency to purchase cryptocurrency directly from their wallet. This may be due to regulations in the USA and other countries about being a money transfer service, but it is still high on my list of features that make a complete wallet. Unfortunately, this is just one example of why innovators may need to exclude the USA in order to satisfy the needs of the community at large — namely users in developing economies that need an easy way to turn fiat into cryptocurrency securely and quickly and from within the same app as their friends.
Web3 Browser and DApp Integration
The Finney’s dCenter has a varied selection of exchanges, games, and token conversion services including my favorite, Axie Infinity.
The few trusted wallets with full Web3 browser capabilities all provide full access to every single DApp that is published on the Ethereum network. What they don’t offer is the security of operating these DApps from a hardware secured or enclave secured wallet. The Exodus and Finney have the opportunity to combine this Web3 integration with the security of a well engineered wallet to open up an entire world of possibilities to the user.
Instead, both companies currently rely on their SDK, hoping that developers will create their own integrations into their wallets. In time this will likely work in their favor, but it is currently much more convenient to use one of the existing Web3 enabled wallets than to use the wallet provided in the Finney and Exodus and need to transfer funds to an additional Web3 enabled wallet if you want to interact with a DApp that is not supported by the wallet. At current state this may be the largest letdown of this first generation of blockchain phones; their inability to allow me to use any DApp I please from their own integrated wallets.
Key Recovery Options
One area where the Exodus outpaces the Finney is in the area of private key management. The Zion wallet has a Social Key Recovery feature that allows you to break apart and share a portion of your wallets key with trusted friends that you can then rely on if you happen to lose access to your private key. This is a giant step forward for the future of key management and it will be interesting to see how it is used in practice and how this leads to innovations in how we store passwords and keys for all wallets. The Finney unfortunately has no key recovery features at this time besides the ability to back-up your key by writing it down.
Multi-signature wallets require in most cases two out of three private keys to claim ownership of any unspent transaction outputs attached to your address. If that sentence didn’t make any sense I suggest reading Mastering Bitcoin by the great Andreas Antonopouluos, but if you are still with me, then you probably already know that multi-signature wallets are considered more secure than a traditional wallet that only requires one key to access. A multi-signature wallet is sometimes considered risky because it relies on code that could have its relationship changed in future versions of the protocol, possibly locking your funds. However because phones are less likely to store larger amounts of funds we will likely see multi-signature capabilities on mobile wallets within the year.
A good use for multi-signature wallet on a phone could be one where a hardware wallet is carried on your person and used to generate an additional signing key, thus becoming a very strong two factor authentication. The Exodus and Finney do not currently offer any multisig capabilites, however none of the top Web3 browser wallets include this feature either. The Trust wallet team is the only team I am aware of that has it as a long term development goal for their mobile wallet.
Whats in Store for Gen2?
Pundi X will launch the first true blockchain phone based on function(x) sometime in the future, making the first phone calls using an actual blockchain possible, but that is a topic for another time. Until then, I think the best thing we can hope for is that the second generation of blockchain phones is just the inclusion of well though-out security features and a fully featured Web3 Wallet in every new phone produced by Samsung, Apple, or any phone manufacturer that jumps into the pool.
Soon the Ledger Nano X will allow many users to be a lot more mobile than they were before although still unable to interact with a Web3 browser from a hardware secure device. Eventually, Ledger will release their planned Web3 browser and allow the real Exodus from my Ledger Nano S and MetaMask to begin but until that happens I think mass adoption is going to be on hold. Or, perhaps we will skip all these options and be using our implanted Ledger Z’s wallets in a crypto year or two.
Nothing contained here is financial on investing advise, but simply my opinions.
Donate eth: 0xc35cfe8d50e63b48fc624ff91a668c18ef9277a5
Originally posted at: https://medium.com/@felblob/mass-adoption-has-a-busy-signal-6c094faf5cce
*Thank you to the HTC Exodus and Sirin Labs Finney Telegram groups for answering my questions over the past few months