Payment tech: Mobile vs Web wallet

Payment tech: Mobile vs Web wallet

Being an ex. founder of a multi-signature bitcoin mobile wallet both for Android and IOS (at Kesem.io) and a web developer in the past, I decided to summarize what are the advantages of developing mobile wallets vs developing web wallet.

Let’s start with the basics.

Web vs Mobile. It takes time to create a user experience that is great for both mobile and web. The full development of a full web-based wallet can be 30% less time consuming compared to the development of mobile wallet applications.

Advantages of web wallets

When building a web wallet, you can take ready mature open source code
that will do all transaction manipulations (in case transaction signing is on the server and not in the frontend).

Main security-related threads:

1. Virus running on the Desktop can copy login & password and possibly copy private keys when they are imported.

2. Attack on our infrastructure. If transaction signing is on our backend, it means, you have the user private key and the attacker can hack the system and still all the money.

Improving security for web wallet

An alternative solution might be – transaction signing in the web frontend – without saving private keys in the server. It will require additional development efforts – so, we are not winning here 30%. Virus can still copy user private keys.

Advantages for mobile wallet

In general, mobile is much more secure than a windows desktop.

1. User experience = same time development for web and for mobile. We can use React Native or flutter.dev.

2. You can store private key in secure enclave for IOS and Android Keystore.

3. You can check for a rooted device and block this app from working. If the mobile device is not rooted, it is much harder to create a virus that will copy the user’s private key.

About the author

Yuli Stremovsky
Yuli StremovskyParanoid Security Guy
For the past 15 years I’ve been leading the evolution of startups and enterprises to achieve the highest level of security and compliance. Throughout my career I’ve been a Cyber Security expert and advanced solutions architect with many years of hands on experience both on offensive and defensive side. Knowledgeable at the highest level in application development, networking, data and databases, web applications, large scale Software as a Service solutions, cloud security and blockchain technologies.

I’ve been working with CISO’s of international enterprises, helping them set Information Security strategy, and overseeing the implementation of these recommendations. As part of these projects, I’ve been assisting companies to achieve compliance in GDPR, PCI, HIPAA and SOX.

Among my credits, I was a founder of a database security company GreenSQL/Hexatier which was acquired by Huawei and I’ve co-founded Kesem.io, Secure multi-signature Crypto wallet.

Specialties: Software and cloud architecture, Compliance (GDPR, HIPAA, PCI, SOX), blockchain technologies, software development, secure architectures, project management and low level research.