As a former founder of a multi-signature Bitcoin mobile wallet for both Android and iOS (at Kesem.io) and a former web developer, I decided to summarize the advantages of developing mobile wallets versus developing web wallets.
Let’s start with the basics.
Web vs Mobile. It takes time to create a user experience that is great for both mobile and web. Full development of a web-based wallet can take 30% less time than development of mobile wallet applications.
Advantages of web wallets
When building a web wallet, you can take ready, mature open-source code that will do all transaction manipulations (when transaction signing is on the server and not in the frontend).
Main security-related threats:
1. A virus running on the desktop can copy the login and password, and possibly copy private keys when they are imported.
2. Attack on our infrastructure. If transaction signing is on our backend, the backend holds the user’s private key, and an attacker who hacks the system can steal all the money.
Improving security for web wallet
An alternative solution might be transaction signing in the web frontend, without saving private keys on the server. It will require additional development effort, so we do not gain the 30% here. A virus can still copy the user’s private keys.
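The frontend-signing model described above, as an added example that is not code from the original post or from Kesem.io. It assumes Node's built-in crypto module, signs a JSON payload with ECDSA over secp256k1 as a simplified stand-in for a real Bitcoin transaction, and uses hypothetical names (createClientWallet, createServer, demo) and constructed sample values.

```javascript
// Added example: what the backend stores and checks when signing is on the client.
// Simplified: a signed JSON payload, not a real Bitcoin transaction format.
const nodeCrypto = require('node:crypto');

// Client side: the key pair is created here; the private key stays in this closure.
function createClientWallet() {
  const { privateKey, publicKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Signing happens locally; only the payload bytes and signature are sent out.
    sign(payload) {
      const body = Buffer.from(JSON.stringify(payload));
      return { body, signature: nodeCrypto.sign('sha256', body, privateKey) };
    },
  };
}

// Server side: registers public keys only and verifies what clients submit.
function createServer() {
  const users = new Map(); // userId -> public key PEM
  return {
    users,
    register(userId, publicKeyPem) { users.set(userId, publicKeyPem); },
    accept(userId, { body, signature }) {
      const pem = users.get(userId);
      if (!pem) return false; // unknown user: nothing to verify against
      return nodeCrypto.verify('sha256', body, pem, signature);
    },
  };
}

function demo() {
  const wallet = createClientWallet();
  const server = createServer();
  server.register('alice', wallet.publicKeyPem);
  // Constructed sample payload.
  const signed = wallet.sign({ to: 'constructed-address', amountSat: 15000 });
  // Same signature over a modified payload must be rejected.
  const tampered = {
    body: Buffer.from(JSON.stringify({ to: 'other-address', amountSat: 15000 })),
    signature: signed.signature,
  };
  const dump = JSON.stringify([...server.users]); // what a backend breach exposes
  return {
    validAccepted: server.accept('alice', signed),
    tamperedAccepted: server.accept('alice', tampered),
    unknownUserAccepted: server.accept('bob', signed),
    serverHoldsPrivateKey: dump.includes('PRIVATE KEY'),
  };
}
```

This covers threat 2 (an attack on the backend) only; a virus on the user's machine can still reach keys held by the client, as the paragraph above says.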
Advantages for mobile wallet
In general, mobile is much more secure than a Windows desktop.
1. User experience: same-time development for web and for mobile. We can use React Native or flutter.dev.
2. You can store the private key in the Secure Enclave on iOS and in the Android Keystore on Android.
3. You can check for a rooted device and block the app from working on it. If the mobile device is not rooted, it is much harder to create a virus that will copy the user’s private key.