Wetez team always emphasizes that security is the top priority of a wallet. Under the premise of security of all new integrated chains, we then maximize the user experience There are many factors affecting security. From the programming language, the design principles, coding specifications, the code open source, code auditing, etc., We need to pay attention to any aspect of them to bring relatively high security. Many users take open source as a guide to judge the security of a wallet. We think that it is not rigorous enough.
Wetez always integrates new blockchain with value in the first place, like Tezos, Cosmos, IRISnet. For each project’s integration, we always got a question from new users whether Wetez is open source or not. Cosmos is the second project we have integrated. Just like the time when we completed the integration of Tezos, users have thrown the same questions. We try to explain the risk factors of open source and not open source to users, but not everyone can understand.
Non-open source wallets have the risk that wallets will store the user’s private keys. On the other hand, open source projects are more vulnerable to find vulnerabilities. No developer can guarantee 100% security of the code written by himself. What can be guaranteed is that there is no loophole within the scope of his own knowledge. However, if it is once open source, he can’t ensure that there are vulnerabilities beyond his own knowledge. The vulnerability may be caught and used to launch an attack.
Wetez’s attitude toward open source is that wallet must be open source, and open source is the only way to solve trust issue. However, open source should be divided into several stages. Especially when a new blockchain project is integrated. It is best not to open source at the beginning, because new projects are likely to be full of dangers. After all, the project itself has not experienced a test from the market. The upper layer of blockchain such Dapps are more likely to encounter a vulnerability problem. When the blockchain’s vulnerabilities expose, they will endanger the wallet or the exchange. So, between trust and maturity of projects, Wetez chose the former. We would try all possible ways to get the trust of the user rather than choose open source right away. This can avoid the danger of uncertainty caused by open source.
What Wetez wallet handles the private key/mnemonic by using the native algorithm of the wallet client. Then we encrypt it and store it in the native area of the mobile phone. When users need to process transfer, delegate and etc, Wetez claims the signature of the private key from the native environment. (Here we claim the signature of the private key rather than directly request the private key, which is consistent with the logic behind the hardware wallet.) After the signature with transmitted data is obtained then we broadcast to the network. Therefore, the private key/mnemonic is encrypted and stored locally on the mobile phone. It will never be uploaded to the Wetez server. About this point, you can tell from the beginning that Wetez asks for the storage rights of the user’s mobile phone when App is opened. This storage permission is used to store the user’s private key. However, whether Wetez stores the user’s private key on the server or not, it is hard for a user to detect if the wallet is not open source. Here comes the questioning point.
For this question point, there is a good way to test. Create an account/key in Wetez completely offline. Whether it is XTZ, Atom or IRIS, the whole process does not need to be connecting to the network. This can verify that Wetez doesn’t upload the user’s private key or mnemonic in the creation stage. Try it and share the result for us. However, this is just a supplementary test method. Why is it auxiliary? Because a complete wallet application not only needs to include functions of creating, importing but also functions such as sending, delegation, etc. These functions must be connected to the network, or the information interoperability cannot be completed. So during these processes, users can’t tell whether Wetez has secretly stored their private key.
Open source can’t completely solve this problem either. Unless the user runs the open source code on their own computer, then run the program and install it on their phone. If you download directly from the app market, such as Google play, AppStore, you can’t guarantee that wallet code you downloaded is exactly the same as the open source code. Wallet developers are likely to open source a set of code but upload another set of code to the application market. Wish general user that they install various environments and run the code by themselves is too hard.
In view of this, Wetez wallet chose phased planning. We will open source part of the code. There is a precedent of imtoken. They gradually open source their code. This kind of phased plan can’t get trust from all users. We can only win trust from the community by our active participation in the early stage. In the medium term, we will open source most important part gradually to realize the relative security Therefore, I hope everyone can give Wetez a try and we will keep contributing to the community to earn more reputation and trust.
At this stage, Wetez’s wallet on Tezos has been running for about half a year. We feel that it is close to the stage of open source. So Wetez will open source code about Tezos on Github. We hope everyone can pay attention to it and leave us a comment. The code of Atom and IRIS part will be open source after it has been running for half a year.
In the follow-up, Wetez will continue to focus on the integration of blockchains with PoS Staking. There will be many PoS-based projects coming online this year. The next plan, we will integrate Cardano, Algorand, Definity, Polkadot, Nucypher and other projects. The open source plan will also follow the strategy we mention from the above.
Finally, compare the plans of the private key/mnemonic native storage and web storage. There are a lot of web wallets and client wallets outside, the security level of them is different. The web wallet uses the cache to store the private key/mnemonic. Most of them use the local storage plan.
Because the code on the network is open and transparent, the code of the webpage can be easily copied and generated an exact same one. If the domain name of the webpage is hijacked, users may access to phishing site rather than original webpage wallet. Hackers can have a high probability of getting the private key stored in the cache. Therefore, there are certain hidden dangers in the network wallet. Pay attention to the web wallet if it uses the HTTP protocol. Avoid it! Choose the web wallet which uses https protocol. This will greatly increase the cost of being attacked. To give our users high security, Wetez’s API services and web services only use the HTTPS protocol.
In addition, the Local storage itself is only a part of the browser. It is not designed for people to store private information such as bank passwords. Therefore, it is necessary to separate the browser from the storage. The client wallet can better solve this problem. All operation call from client wallet is separated from the storage of the phone, which improves security to a certain extent. So, if you have a wallet choice, it is recommended to use the client app (such as Wetez) instead of using a web wallet.
In general, the question of open source, not open source, or phased open source. I hope that everyone understands that the Wetez team have taken serious considerations. On the road of security, Wetez is still exploring and hopes that users can understand it. As long as it is software, there is no absolutely safe. What can be done is to make every effort to improve its relative security step by step. This is what Wetez has been doing.