An Ethereum API for Android App Developers — Revision and What’s to come
Roughly 2 years ago we first described our idea of a mobile and secure platform to connect Android devices to Ethereum-based blockchains:
...our solution should be a native Android application, offer a pleasant user-experience, and offer the user a simple way to connect to an Ethereum Full Node on a personal server. We wanted to build an Ethereum toolbox for Java developers, with all the tools developers are used to working with.
The following article aims to summarize and share how our past 2 years of experience and development in the, now more than ever, very promising field of blockchain development have shaped this platform.
The evolution of Ethereum Android as a Platform
Ethereum Android was created to enable a broad variety of use cases where mobile devices need to connect to blockchain technology based on Ethereum.
The platform is made up of 3 parts:
- the Secure Server Module to connect any infrastructure that runs a full node of any Ethereum-based blockchain to the smartphone application
- the API of the Ethereum Virtual Machine in form of an Android library to incorporate blockchain functionality in any Android app
- and the Wallet App that lets the user interact with any blockchain implementation, i.e. sign transactions, query the blockchain and interact with smart contracts
Over the course of the last 2 years we’ve refined the vision of the platform while further developing its parts. The development of our wallet app in particular brought us a lot of feedback and insight into what really matters for end-users.
What follows is an overview of how each part of the platform was further developed and extended until today.
Server Module becomes Secure Proxy
To support a wider variety of new and already existing technical infrastructure, we extended the server module by extracting the security layer into a lightweight secure proxy server. As long as the blockchain node exposes a JSON-RPC interface, the wallet app can communicate with it.
The secure proxy, in combination with our crypto library Seccoco, guarantees that every connection between wallet app and blockchain node is end-to-end encrypted. Seccoco also applies state-of-the-art encryption to guarantee the integrity of the application data itself on the device.
Our main priorities behind this approach were guaranteeing the integrity of the user’s data — especially any imported private key — while at the same time offering a great amount of integration flexibility to support the most common technical infrastructures.
An API to interact with them all
Our Android library makes it possible to make secure blockchain calls with plain Java code from an Android application. A developer using the library does not need to know anything specific about the Ethereum implementation like nonce handling or serialization. Instead the library offers regular, known Java interfaces to work with.
The client app acts as a ‘gatekeeper’ for apps that access the API. Similar to Google Play Services, the user, as owner of the Ethereum account, decides the level of access to grant a specific app. Currently, every time an external app requests to make a blockchain call, the user needs to confirm it manually.
We plan to build in a certain level of automation, i.e. a user sets a specific spending cap for an app, which is then authorized to send transactions on behalf of the user until the cap is reached. Especially 2nd-level applications like Raiden and Plasma could benefit from this mechanism.
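One way such a spending cap could be enforced in the gatekeeper, as an added example that is not code from Ethereum Android: the class `SpendingCapGate`, its methods and the package names are hypothetical. It counts the full gas budget against the cap, reserves the amount atomically, and falls back to manual confirmation for anything not covered by a grant.

```java
import java.math.BigInteger;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-app spending cap; not part of the Ethereum Android API. */
public class SpendingCapGate {
    public enum Decision { AUTO_APPROVE, ASK_USER }

    // Remaining allowance in wei, keyed by the calling app's package name.
    private final ConcurrentHashMap<String, BigInteger> remaining = new ConcurrentHashMap<>();

    /** Called only after the user has explicitly granted a cap to this app. */
    public void grant(String appId, BigInteger capWei) {
        if (capWei.signum() <= 0) throw new IllegalArgumentException("cap must be positive");
        remaining.put(appId, capWei);
    }

    /** Worst-case cost of a transaction: value plus the full gas budget. */
    static BigInteger maxCost(BigInteger valueWei, BigInteger gasLimit, BigInteger gasPriceWei) {
        if (valueWei.signum() < 0 || gasLimit.signum() < 0 || gasPriceWei.signum() < 0)
            throw new IllegalArgumentException("negative amount");
        return valueWei.add(gasLimit.multiply(gasPriceWei));
    }

    /** Atomically reserves the cost against the cap; everything else goes to the user. */
    public Decision authorize(String appId, BigInteger valueWei,
                              BigInteger gasLimit, BigInteger gasPriceWei) {
        BigInteger cost = maxCost(valueWei, gasLimit, gasPriceWei);
        boolean[] approved = {false};
        // Atomic per key: two concurrent requests cannot both spend the same allowance.
        remaining.computeIfPresent(appId, (id, left) -> {
            if (left.compareTo(cost) < 0) return left;  // over the cap: allowance untouched
            approved[0] = true;
            BigInteger rest = left.subtract(cost);
            return rest.signum() == 0 ? null : rest;     // cap used up: drop the grant
        });
        return approved[0] ? Decision.AUTO_APPROVE : Decision.ASK_USER;
    }

    public static void main(String[] args) {
        SpendingCapGate gate = new SpendingCapGate();
        BigInteger eth = BigInteger.TEN.pow(18);
        BigInteger gasLimit = BigInteger.valueOf(21_000);
        BigInteger gasPrice = BigInteger.TEN.pow(9).multiply(BigInteger.valueOf(20)); // 20 gwei
        BigInteger value = eth.divide(BigInteger.valueOf(20));                        // 0.05 ETH
        gate.grant("com.example.payments", eth.divide(BigInteger.TEN)); // constructed 0.1 ETH cap
        System.out.println(gate.authorize("com.example.payments", value, gasLimit, gasPrice));
        System.out.println(gate.authorize("com.example.payments", value, gasLimit, gasPrice));
        System.out.println(gate.authorize("com.example.unknown", BigInteger.ONE, gasLimit, gasPrice));
    }
}
```

In the constructed run, two transfers of 0.05 ETH do not both fit under a 0.1 ETH cap, because the gas budget of the first has already been deducted.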
The Wallet App — where all comes together
The wallet app is the heart of the platform. We worked long and hard to find a balance between security, decentralization, privacy, performance, and a good UX.
You might notice that some of these attributes are hard to combine. Decentralization and performance, for instance, or security and a good UX.
We wanted to grant users full sovereignty over their Ethereum accounts because everything else would compromise our privacy and decentralization principles. This meant that a new user could either import an existing account by its private key or generate a new one with the app.
If the user chose to generate a new account, we strongly advised making at least one backup of it before verifying the private key.
As you can imagine, we’ve had many reports of lost private keys where we had to explain that we could not recover them because the accounts weren’t managed accounts.
Fortunately, nearly all of the lost accounts only had test-ether on them — a cryptocurrency on a private test blockchain that we created to try out blockchain functions without losing any money.
More control = more stuff to break
The wallet app was originally designed to offer the same amount of features as a web-wallet with the same level of complexity that comes with it. Users could quickly switch between Blockchains, set a custom Gas Price for transactions, and export unsigned transactions for external signing with a hardware wallet, for instance.
We noticed at an early stage that many users who were new to blockchain technology were overwhelmed and simply did not understand what they should do.
While some were extremely happy when they received test-ether because they thought it was the real deal, others were plainly insulting to us because they did not understand the concept of Gas Prices and Limits and thought that we were blocking their money in our app.
What to do now?
As we mentioned earlier, juggling all these principles (security, decentralization, privacy, performance, UX) is a very challenging task.
We are not saying that trade-offs need to be made, especially not in terms of security and privacy, but the wallet app needs to evolve and not try to be a Jack of all Trades as it does at the moment.
Looking back, we are very happy about how well our platform has been received.
Currently, we are working on a major update of our wallet app which will offer a completely new UX while supporting significantly more powerful use cases, so stay tuned!